EEC-681/781 Distributed Computing Systems, Lecture 9. Wenbing Zhao (wenbing@ieee.org), Cleveland State University
Outline
• Naming and name resolution
• X.500 and LDAP
• Final due date for project proposal: this Wednesday 11/8, midnight
  • You will lose all credit for the project if you miss this deadline
• Modified due date for project progress report: Monday 11/20, midnight
  • No extension!
EEC-681: Distributed Computing Systems
Naming
• Names play a very important role in distributed systems. They are used
  • to share resources
  • to uniquely identify entities
  • to refer to locations
• Identifier: a name with the following properties:
  • P1: each identifier refers to at most one entity
  • P2: each entity is referred to by at most one identifier
  • P3: an identifier always refers to the same entity (so an identifier is never reused for a different entity)
Naming
• Name resolution allows a process to access the named entity
• To operate on an entity, we need to access it at an access point
• Access points are entities that are named by means of an address
• A location-independent name for an entity E is independent of the addresses of the access points offered by E
• In a distributed system, the implementation of the naming system is itself distributed across multiple machines
Name Spaces
• Names in a distributed system are organized into a name space
• Name spaces offer a convenient mechanism for storing and retrieving information about entities by means of names
Name Spaces
• A name space can be represented as a labeled, directed graph with two types of nodes. Each node is itself an entity with its own identifier
  • A leaf node represents a (named) entity
  • A directory node is an entity that refers to other nodes. It contains a (directory) table of (edge label, node identifier) pairs
Name Spaces
• Root node: a node with only outgoing and no incoming edges
• Path name: a path in the naming graph, written N:<label-1, label-2, ..., label-n>, where N is the first node of the path
  • Absolute path name: N is the root, e.g., n0:<home, steen, mbox>
  • Relative path name: N is not the root
Name Spaces
• Attributes in a node describe aspects of the entity the node represents:
  • type of the entity
  • an identifier for that entity
  • address of the entity's location
  • nicknames
  • ...
• Directory nodes can also have attributes, besides storing a directory table of (edge label, node identifier) pairs
Name Resolution
• Name resolution: the process of looking up a name
• A name lookup returns the identifier of the node from which the resolution process continues
• Example: resolving the path name N:<label-1, label-2, ..., label-n>
  • Resolution starts at node N: label-1 is looked up in N's directory table, which returns the identifier of the node that label-1 refers to
  • Resolution continues at that node by looking up label-2 in its directory table, and so on
  • Resolution stops when the node referred to by label-n is found; the content of that node is returned
Merging Name Spaces
• Method 1: path names of different name spaces are concatenated (URLs), e.g., ftp://ftp.cs.vu.nl/pub/steen/
  • ftp: name of the protocol used to talk to the server
  • ://: name space delimiter
  • ftp.cs.vu.nl: name of a node representing an FTP server (a DNS name)
  • /: name space delimiter
  • pub/steen/: name of a node in the name space rooted at the context node mapped to the FTP server
Merging Name Spaces
• Method 2: introduce nodes that contain the name of a node in a "foreign" name space, together with the information needed to select the initial context in that foreign name space (mounting)
  • Mount point: (directory) node in the naming graph that refers to another naming graph
  • Mounting point: (directory) node in the other naming graph that is referred to
Merging Name Spaces
• Method 3: use only full path names, in which the starting context is explicitly identified, and merge by adding a new root node
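The naming-graph model and the resolution procedure of the previous slides, together with a mount point (Method 2), as an added worked example that is not part of the lecture. The graphs, node identifiers (n0..n4, m0..m2), labels and addresses are constructed for illustration.

```python
# Added example (not from the lecture): a naming graph made of directory
# nodes with (edge label -> node identifier) tables and leaf nodes with
# attributes, plus a mount point that continues resolution in a foreign
# graph.  Node identifiers, labels and addresses are constructed.
from dataclasses import dataclass, field


@dataclass
class Node:
    ident: str
    table: dict = field(default_factory=dict)   # directory table: label -> node id
    attrs: dict = field(default_factory=dict)   # type, address, mount info, ...

    @property
    def is_directory(self):
        return bool(self.table) or "mount" in self.attrs


class NamingGraph:
    def __init__(self, name, root):
        self.name, self.root, self.nodes = name, root, {}

    def add(self, node):
        self.nodes[node.ident] = node
        return self


class Resolver:
    """Resolves N:<label-1, ..., label-n> one directory table at a time."""

    def __init__(self, graphs):
        self.graphs = {g.name: g for g in graphs}

    def resolve(self, graph_name, start, labels):
        graph = self.graphs[graph_name]
        node = graph.nodes[start]
        for label in labels:
            if not node.is_directory:
                raise ValueError(f"{node.ident} is a leaf; cannot resolve {label!r} in it")
            if label not in node.table:
                raise KeyError(f"{label!r} not in directory table of {node.ident}")
            node = graph.nodes[node.table[label]]
            mount = node.attrs.get("mount")
            if mount:
                # Mount point: switch to the foreign graph at its mounting point
                graph = self.graphs[mount["graph"]]
                node = graph.nodes[mount["node"]]
        return graph.name, node


def build_example():
    """Two constructed graphs: 'local' (root n0) mounts 'nfs' at n4 -> m1."""
    local = NamingGraph("local", "n0")
    local.add(Node("n0", {"home": "n1"}))
    local.add(Node("n1", {"steen": "n2"}))
    local.add(Node("n2", {"mbox": "n3", "remote": "n4"}))
    local.add(Node("n3", attrs={"type": "file", "address": "disk:/home/steen/mbox"}))
    local.add(Node("n4", attrs={"mount": {"graph": "nfs", "node": "m1"}}))

    nfs = NamingGraph("nfs", "m0")
    nfs.add(Node("m0", {"export": "m1"}))
    nfs.add(Node("m1", {"data": "m2"}))
    nfs.add(Node("m2", attrs={"type": "file", "address": "nfs://fs.example/export/data"}))
    return Resolver([local, nfs])


if __name__ == "__main__":
    r = build_example()
    print(r.resolve("local", "n0", ["home", "steen", "mbox"]))            # absolute
    print(r.resolve("local", "n1", ["steen", "mbox"]))                    # relative
    print(r.resolve("local", "n0", ["home", "steen", "remote", "data"]))  # crosses mount
```

Two details worth noticing: resolution never trusts the label string itself, only the table of the node it is currently at, and a lookup that runs off the end of a leaf or into a missing label fails loudly rather than returning a stale node.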
Implementation of Name Space
• Name space distribution
• Implementation of name resolution
  • Iterative resolution
  • Recursive resolution
Name Space Distribution
• Distribute the nodes of the naming graph across multiple machines; this distributes both the name resolution process and the management of the name space
• In a hierarchical naming graph:
  • Global level: high-level directory nodes, which have to be jointly managed by different administrations
  • Administrational level: mid-level directory nodes; each group can be assigned to a separate administration
  • Managerial level: low-level directory nodes within a single administration
Name Space Distribution
• Figure: an example partitioning of the DNS name space, including Internet-accessible files, into the three layers
Implementation of Name Resolution
• Each client has access to a local name resolver, which is responsible for carrying out the name resolution process
• Two types of name resolution
  • Iterative name resolution
  • Recursive name resolution
Iterative Name Resolution (figure)
Recursive Name Resolution
• Figure: recursive name resolution of <nl, vu, cs, ftp>. Name servers cache intermediate results for subsequent lookups
Iterative vs. Recursive Name Resolution (figure)
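Both resolution styles for <nl, vu, cs, ftp>, as an added simulation that is not part of the lecture: a chain of name servers, each authoritative for one node, answers either one step at a time (iterative) or on behalf of the caller (recursive, with the caching the figure above describes). The server layout, the address 130.37.24.6 and the message log are constructed.

```python
# Added example (not from the lecture): iterative vs. recursive resolution
# of <nl, vu, cs, ftp> over simulated name servers.  Addresses and the
# message log are constructed for illustration.


class NameServer:
    """Authoritative for one directory node: knows the server for each
    child label.  A leaf server holds the entity's address."""

    def __init__(self, name, children=None, leaf_address=None):
        self.name = name
        self.children = children or {}   # label -> NameServer
        self.leaf_address = leaf_address
        self.cache = {}                  # tuple(labels) -> address (recursive only)

    # Iterative: answer one step, hand the rest back to the client's resolver.
    def lookup_one(self, label):
        return self.children[label]

    # Recursive: resolve the whole remaining path on behalf of the caller.
    def resolve_recursive(self, labels, log):
        key = tuple(labels)
        if key in self.cache:
            log.append(f"{self.name}: cache hit for {key}")
            return self.cache[key]
        if not labels:
            return self.leaf_address
        child = self.children[labels[0]]
        log.append(f"{self.name} -> {child.name}: resolve {labels[1:]}")
        address = child.resolve_recursive(labels[1:], log)
        self.cache[key] = address        # intermediate result cached for later lookups
        return address


def resolve_iterative(root, labels, log):
    """Client contacts every server along the path itself."""
    server = root
    for label in labels:
        log.append(f"client -> {server.name}: lookup {label}")
        server = server.lookup_one(label)
    return server.leaf_address


def resolve_recursive(root, labels, log):
    """Client sends one request; the servers do the rest."""
    log.append(f"client -> {root.name}: resolve {labels}")
    return root.resolve_recursive(list(labels), log)


def build_servers():
    ftp = NameServer("ftp", leaf_address="130.37.24.6")   # constructed address
    cs = NameServer("cs", {"ftp": ftp})
    vu = NameServer("vu", {"cs": cs})
    nl = NameServer("nl", {"vu": vu})
    return NameServer("root", {"nl": nl})


if __name__ == "__main__":
    root = build_servers()
    for fn in (resolve_iterative, resolve_recursive, resolve_recursive):
        log = []
        print(fn.__name__, fn(root, ["nl", "vu", "cs", "ftp"], log))
        print("\n".join("  " + line for line in log))
```

The iterative run costs the client four round trips; the recursive run costs it one, and the second recursive run is answered from the root server's cache. That cache is shared by every later client, so a recursive server must only ever cache what it received from the server it actually asked.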
Directory Service
• Directory service: a special kind of naming service in which a client can look for an entity based on a description of its properties instead of a full name
• Similar to the yellow pages
• X.500: the OSI directory service
The X.500 Name Space (figure)
X.500 Terminology
• Distinguished name (DN): the name that (globally) uniquely identifies an entry in the directory
• A DN is a sequence of attribute=value pairs separated by commas, for example:
  • cn=Ben Gray,ou=editing,o=New York Times,c=US
  • cn=Lucille White,ou=editing,o=New York Times,c=US
  • cn=Tom Brown,ou=reporting,o=New York Times,c=US
X.500 Terminology
• Relative distinguished name (RDN): the leftmost component of a DN; it uniquely identifies the entry within its parent container
  • For example, the RDN of a computer named mycomputer is CN=mycomputer
  • Consequently, two users cannot have the same name within one organizational unit
• Directory Information Base (DIB): the collection of all directory entries
Directory Information Tree
• The DIT is the tree formed by the directory entries; listing the RDNs in sequence from an entry up to the root yields its DN
• Supports two lookup operations
  • Read: return the attributes of an entry given its DN
  • List: return the RDNs of the entries immediately below a given node
• DN for the host star, in both conventions:
  • C=NL/O=VU/OU=MCS/CN=MS/Host_Name=star (root first, slash-separated; X.500 / Active Directory canonical style)
  • Host_Name=star, CN=MS, OU=MCS, O=VU, C=NL (most specific RDN first, comma-separated; LDAP style)
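The two DN conventions, and the escaping rules that keep a DN well-formed when an attribute value comes from a user, as an added example that is not part of the lecture. It splits an LDAP-style DN into RDNs, rewrites it root-first, and escapes values according to RFC 4514; the "Eve" value is a constructed attacker input.

```python
# Added example (not from the lecture): split an LDAP-style DN into its
# RDNs, rewrite it in the root-first X.500 form, and escape values per
# RFC 4514 so that a user-supplied name cannot smuggle in extra RDNs.
# The "Eve" value used in the usage block is a constructed attacker input.

DN_SPECIAL = ',+"\\<>;'   # characters that must always be escaped in a value


def escape_dn_value(value):
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch in DN_SPECIAL:
            out.append("\\" + ch)
        elif ch == "\x00":
            out.append("\\00")
        elif ch == " " and i in (0, last):        # leading/trailing space
            out.append("\\ ")
        elif ch == "#" and i == 0:                # leading '#'
            out.append("\\#")
        else:
            out.append(ch)
    return "".join(out)


def split_dn(dn):
    """Return [(attribute, value), ...], most specific RDN first.
    Splits only on unescaped commas and decodes \\c and \\XX escapes.
    Multi-valued RDNs (a=1+b=2) are kept as one value."""
    rdns, attr, buf, i = [], None, [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\":
            nxt = dn[i + 1:i + 2]
            if nxt and nxt in DN_SPECIAL + " #=":
                buf.append(nxt)
                i += 2
            else:
                buf.append(chr(int(dn[i + 1:i + 3], 16)))   # \XX hex pair
                i += 3
            continue
        if ch == "=" and attr is None:
            attr = "".join(buf).strip()
            buf = []
        elif ch == ",":
            rdns.append((attr, "".join(buf)))
            attr, buf = None, []
        else:
            buf.append(ch)
        i += 1
    rdns.append((attr, "".join(buf)))
    if any(not a for a, _ in rdns):
        raise ValueError(f"malformed DN: {dn!r}")
    return rdns


def build_dn(pairs):
    """Assemble a DN from (attribute, raw value) pairs with proper escaping."""
    return ",".join(f"{a}={escape_dn_value(v)}" for a, v in pairs)


def to_x500(rdns):
    """Root-first, slash-separated form of the same name."""
    return "/".join(f"{a}={v}" for a, v in reversed(rdns))


if __name__ == "__main__":
    ben = split_dn("cn=Ben Gray,ou=editing,o=New York Times,c=US")
    print(ben, to_x500(ben))
    evil = "Eve,ou=admins"                       # constructed attacker-controlled cn
    print(split_dn("cn=" + evil + ",ou=editing,o=New York Times,c=US"))   # 5 RDNs
    print(split_dn(build_dn([("cn", evil), ("ou", "editing"),
                             ("o", "New York Times"), ("c", "US")])))      # 4 RDNs
```

Concatenating a raw value into a DN turns "Eve,ou=admins" into a fifth RDN that places the entry under a different container; escaping the comma keeps it as one RDN with the literal value.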
X.500 Implementation
• Directory Service Agents (DSAs): the servers; each DSA holds part of the DIB and cooperates with other DSAs to answer queries
• Directory User Agents (DUAs): the clients that access the directory on behalf of users
• Searching in a directory service is in general an expensive operation
• Lightweight Directory Access Protocol (LDAP)
  • Easier to use than the X.500 Directory Access Protocol over the OSI stack
  • An application-level protocol implemented on top of TCP (port 389, or 636 for LDAP over TLS), so LDAP is a connection-oriented protocol
LDAP
• Understanding and Deploying LDAP Directory Services, Second Edition
• Timothy A. Howes, Mark C. Smith, Gordon S. Good
• Publisher: Addison Wesley Professional, April 28, 2003
• http://proquest.safaribooksonline.com/0672323168
LDAP Operations
• Bind: starts a session with the LDAP server
  • The client specifies the protocol version and its authentication information (e.g., a DN and password)
• Unbind: terminates the session with the LDAP server
• Search: searches the directory
  • The client specifies the starting point (base object) of the search, the search scope (the base object only, its immediate children, or the whole subtree rooted at it), and a search filter
  • The results are the LDAP entries (with the requested attributes) that satisfy the filter
LDAP Operations
• Modify: modifies an existing entry
  • The client specifies the name of the entry to be modified and a list of modifications
  • Each modification consists of an attribute and whether its values are to be added, deleted, or replaced
• Add: adds a new entry
  • The client specifies the name of the new entry and its set of attributes
• Delete: removes an existing entry
  • The client specifies the name of the entry to remove
LDAP Operations
• Modify RDN: changes the RDN (the last component) of an existing entry, i.e., gives the entry a new name in the same context
  • The client specifies the DN of the entry and the new RDN
• Compare: tests whether an entry has a given attribute/value pair
  • The client specifies the name of the entry and the attribute name and value to check
• Abandon: terminates an outstanding request
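The Search operation's three inputs (base object, scope, filter), as an added in-memory model that is not part of the lecture. It parses the common subset of the RFC 4515 filter syntax, applies base/one/sub scopes over a small DIB, and shows why values placed into a filter must be escaped (the escape table is RFC 4515's). The entries, passwords and the attacker input are constructed.

```python
# Added example (not from the lecture): an in-memory model of the LDAP
# Search operation (base object, scope, filter) with an RFC 4515 filter
# escaper.  The entries, passwords and the attacker input are constructed;
# the filter grammar covered is the subset (attr=value), (attr=*), &, |, !.
import re

FILTER_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}


def escape_filter_value(value):
    """Escape a value for use inside a search filter (RFC 4515 section 3)."""
    return "".join(FILTER_ESCAPES.get(ch, ch) for ch in value)


def _unescape(value):
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)


def parse_filter(text):
    """Parse a filter into a tree: ('=', attr, value), ('present', attr),
    or ('&' | '|' | '!', [subfilters])."""
    pos = 0

    def expect(ch):
        nonlocal pos
        if pos >= len(text) or text[pos] != ch:
            raise ValueError(f"expected {ch!r} at offset {pos} in {text!r}")
        pos += 1

    def item():
        nonlocal pos
        expect("(")
        if text[pos] in "&|!":
            op = text[pos]
            pos += 1
            subs = []
            while pos < len(text) and text[pos] == "(":
                subs.append(item())
            expect(")")
            if op == "!" and len(subs) != 1:
                raise ValueError("'!' takes exactly one filter")
            return (op, subs)
        end = text.index(")", pos)
        attr, sep, value = text[pos:end].partition("=")
        if not sep or not attr:
            raise ValueError(f"bad filter item {text[pos:end]!r}")
        pos = end + 1
        if value == "*":                      # presence test, decided before unescaping
            return ("present", attr.lower())
        return ("=", attr.lower(), _unescape(value))

    tree = item()
    if pos != len(text):
        raise ValueError("trailing data after filter")
    return tree


def matches(node, entry):
    op = node[0]
    if op == "present":
        return bool(entry.get(node[1]))
    if op == "=":
        return node[2].lower() in [v.lower() for v in entry.get(node[1], [])]
    if op == "&":
        return all(matches(s, entry) for s in node[1])
    if op == "|":
        return any(matches(s, entry) for s in node[1])
    return not matches(node[1][0], entry)     # '!'


def search(dib, base, scope, filter_text):
    """Return the DNs under `base` (scope 'base', 'one' or 'sub') matching the filter."""
    tree = parse_filter(filter_text)
    base_rdns = base.lower().split(",")
    hits = []
    for dn, entry in dib.items():
        rdns = dn.lower().split(",")
        depth = len(rdns) - len(base_rdns)
        if depth < 0 or rdns[depth:] != base_rdns:
            continue
        if (scope == "base" and depth != 0) or (scope == "one" and depth != 1):
            continue
        if matches(tree, entry):
            hits.append(dn)
    return hits


# Constructed DIB; attribute names are stored lower-cased
BASE = "o=New York Times,c=US"
DIB = {
    "ou=editing," + BASE: {"objectclass": ["organizationalUnit"], "ou": ["editing"]},
    "ou=reporting," + BASE: {"objectclass": ["organizationalUnit"], "ou": ["reporting"]},
    "cn=Ben Gray,ou=editing," + BASE: {
        "objectclass": ["person"], "cn": ["Ben Gray"], "sn": ["Gray"],
        "uid": ["bgray"], "userpassword": ["s3cret"]},
    "cn=Lucille White,ou=editing," + BASE: {
        "objectclass": ["person"], "cn": ["Lucille White"], "sn": ["White"],
        "uid": ["lwhite"], "userpassword": ["hunter2"]},
    "cn=Tom Brown,ou=reporting," + BASE: {
        "objectclass": ["person"], "cn": ["Tom Brown"], "sn": ["Brown"],
        "uid": ["tbrown"], "userpassword": ["pa55"]},
}


def login_filter(uid, password, escape=True):
    """Filter an application might build to check credentials (an anti-pattern:
    authenticate with Bind instead); escape=False shows the injectable version."""
    f = escape_filter_value if escape else (lambda s: s)
    return f"(&(uid={f(uid)})(userPassword={f(password)}))"
```

With uid "bgray)(|(uid=*" and password "*)", the unescaped template becomes (&(uid=bgray)(|(uid=*)(userPassword=*))), which is true for bgray whatever the password; the escaped version compares the literal string and matches nothing. Checking a password by filtering on userPassword is itself the wrong design: Bind is the operation that carries authentication.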
LDAP Schema
• LDAPv3 defines a schema (RFC 2252 and RFC 2256, since superseded by RFC 4512 and RFC 4519) based on the X.500 standard for common objects found in a network, such as countries, localities, organizations, users/persons, groups, and devices
• A directory schema specifies the types of objects that a directory may hold and the mandatory and optional attributes of each object type
• Before a directory server stores a new or modified entry, it checks the entry's contents against the schema rules
• Whenever directory clients or servers compare two attribute values, they consult the schema to determine which comparison algorithm to use
LDAP Schema
• An LDAP schema consists of attribute types, attribute syntaxes, matching rules, and object classes
  • Attribute types (or simply attributes) hold specific data elements such as a name or a business phone number
  • Attribute syntaxes specify exactly how data values are represented: Binary, DN, PrintableString, etc.
  • Matching rules specify how the values of an attribute type are compared: caseExactMatch, caseIgnoreMatch, booleanMatch, etc.
  • Object classes group related information; an object class models a real-world object such as a person or a printer, and each directory entry belongs to one or more object classes
• Attribute types, attribute syntaxes, matching rules and object classes all require unique object identifiers (OIDs)
LDAP Schema Example
• LDAPv3 object class definition format:
  ( OCOID NAME OCNAME [ DESC OCDESC ] [ OBSOLETE ] [ SUP SUPOID ] [ OCKIND ] [ MUST REQATSET ] [ MAY ALLOWATSET ] )
• The standard person object class in LDAPv3 format:
  ( 2.5.6.6 NAME 'person' DESC 'Standard Person Object Class' SUP 'top' STRUCTURAL MUST ( objectclass $ sn $ cn ) MAY ( description $ seeAlso $ telephoneNumber $ userPassword ) )
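The schema check a server performs before storing an entry, as an added example that is not part of the lecture: a parser for object class definitions in the format above (handling SUP, the class kind, OBSOLETE and the MUST/MAY sets), followed by a validator that walks the SUP chain and reports missing required and disallowed attributes. The person definition is the slide's; the top definition text and the entries are constructed.

```python
# Added example (not from the lecture): parse object-class definitions in
# the LDAPv3 format shown above and check an entry against the MUST/MAY
# sets (including those inherited through SUP), which is the schema check
# a server runs before storing an entry.  The `top` definition text and the
# entries are constructed for illustration; the `person` text is the slide's.
import re

PERSON = ("( 2.5.6.6 NAME 'person' DESC 'Standard Person Object Class' "
          "SUP 'top' STRUCTURAL MUST ( objectclass $ sn $ cn ) "
          "MAY ( description $ seeAlso $ telephoneNumber $ userPassword ) )")
TOP = "( 2.5.6.0 NAME 'top' ABSTRACT MUST objectClass )"


def _oidlist(text):
    """'( a $ b )', 'a' or \"'a'\" -> ['a', 'b'] (lower-cased)."""
    return [t.strip(" '").lower() for t in text.strip("() ").split("$") if t.strip(" '")]


def parse_objectclass(defn):
    body = defn.strip()
    if not (body.startswith("(") and body.endswith(")")):
        raise ValueError("object class definition must be parenthesised")
    body = re.sub(r"DESC\s+'[^']*'", "", body[1:-1]).strip()   # DESC text may contain keywords
    oid, _, rest = body.partition(" ")
    oc = {"oid": oid, "name": None, "sup": [], "kind": "STRUCTURAL",
          "obsolete": bool(re.search(r"\bOBSOLETE\b", rest)), "must": [], "may": []}
    m = re.search(r"NAME\s+'([^']+)'", rest)
    if m:
        oc["name"] = m.group(1)
    m = re.search(r"\b(ABSTRACT|STRUCTURAL|AUXILIARY)\b", rest)
    if m:
        oc["kind"] = m.group(1)
    for key in ("sup", "must", "may"):
        m = re.search(key.upper() + r"\s+(\([^)]*\)|\S+)", rest)
        if m:
            oc[key] = _oidlist(m.group(1))
    if not oc["name"]:
        raise ValueError(f"object class {oid} has no NAME")
    return oc


def build_schema(definitions):
    return {oc["name"].lower(): oc for oc in map(parse_objectclass, definitions)}


def effective_sets(name, schema):
    """MUST and MAY attribute sets of a class, including inherited ones."""
    must, may, todo, seen = set(), set(), [name.lower()], set()
    while todo:
        cls = todo.pop()
        if cls in seen:
            continue
        seen.add(cls)
        oc = schema[cls]
        must.update(oc["must"])
        may.update(oc["may"])
        todo.extend(oc["sup"])
    return must, may


def check_entry(entry, schema):
    """Return the list of schema violations for an entry; [] means it may be stored."""
    attrs = {k.lower(): [v for v in vs if v] for k, vs in entry.items()}
    classes = [c.lower() for c in attrs.get("objectclass", [])]
    if not classes:
        return ["entry has no objectClass"]
    problems, must, may = [], set(), set()
    for cls in classes:
        if cls not in schema:
            problems.append(f"unknown object class {cls}")
            continue
        m, a = effective_sets(cls, schema)
        must |= m
        may |= a
    if not any(schema[c]["kind"] == "STRUCTURAL" for c in classes if c in schema):
        problems.append("entry has no STRUCTURAL object class")
    problems += [f"missing required attribute {a}" for a in sorted(must) if not attrs.get(a)]
    problems += [f"attribute {a} not allowed by {classes}" for a in sorted(attrs) if a not in must | may]
    return problems


if __name__ == "__main__":
    schema = build_schema([TOP, PERSON])
    print(check_entry({"objectClass": ["top", "person"], "cn": ["Ben Gray"], "sn": ["Gray"]}, schema))
    print(check_entry({"objectClass": ["person"], "cn": ["Tom Brown"], "uid": ["tbrown"]}, schema))
```

Note that the slide's person definition lists objectclass under MUST, whereas RFC 4519 gives MUST ( sn $ cn ) and leaves objectClass to be required by top; the validator above accepts either, because it merges the sets along the SUP chain.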
Java Naming and Directory Interface (JNDI)
• JNDI is an application programming interface (API) that provides naming and directory functionality to applications written in the Java programming language
• It is defined to be independent of any specific directory service implementation