1 / 36

EEC-681/781 Distributed Computing Systems

EEC-681/781 Distributed Computing Systems. Lecture 9 Wenbing Zhao wenbing@ieee.org Cleveland State University. Outline. Naming and naming resolution X.500 and LDAP Final due date for project proposal This Wendesday 11/8 mid-night

Download Presentation

EEC-681/781 Distributed Computing Systems

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. EEC-681/781Distributed Computing Systems Lecture 9 Wenbing Zhao wenbing@ieee.org Cleveland State University

  2. Outline • Naming and naming resolution • X.500 and LDAP • Final due date for project proposal • This Wendesday 11/8 mid-night • You will lose all the credit for the project if you miss this deadline • Modified due date for project progress report • 11/20 Monday mid-night • No extension! EEC-681: Distributed Computing Systems

  3. Naming • Names play a very important role in distributed systems. They are used • To share resources • To uniquely identify entities • To refer to locations • Identifier: A name having the following properties: • P1Each identifier refers to at most one entity • P2Each entity is referred to by at most one identifier • P3An identifier always refers to the same entity (prohibits reusing an identifier) EEC-681: Distributed Computing Systems

  4. Naming • Name resolution: allow a process to access the named entity • To operate on an entity, we need to access it at an access point • Access points are entities that are named by means of an address • A location-independent name for an entity E, is independent from the addresses of the access points offered by E • In a distributed system, the implementation of a naming system is itself distributed across multiple machines EEC-681: Distributed Computing Systems

  5. Name Spaces • Names in a distributed system are organized into a name space • Name spaces offer a convenient mechanism for storing and retrieving information about entities by means of names EEC-681: Distributed Computing Systems

  6. Name Spaces • A name space can be represented as a labeled, directed graph with two types of nodes. Each node is considered an entity and associated with an identifier • A leaf noderepresents a (named) entity • A directory nodeis an entity that refers to other nodes. A directory node contains a (directory) table of (edge label, node identifier)pairs EEC-681: Distributed Computing Systems

  7. Name Spaces • Root node: node has only outgoing and no incoming edges • Path name: a path in a naming graph N:<label-1, label-2, …, label-n> • N: first node in the path • Absolute path name: if N is root, e.g., n0:<home, steen, mbox> • Relative path name: if N is not root EEC-681: Distributed Computing Systems

  8. Name Spaces • Attributesin a node describe aspects of the entity the node represents: • Type of the entity • An identifier for that entity • Address of the entity’s location • Nicknames • ... • Directory nodes can also have attributes, besides just storing a directory table with (edge label, node identifier)pairs EEC-681: Distributed Computing Systems

  9. Name Resolution • Name resolution: the process of looking up a name • A name lookup returns the identifier of a node from where the name resolution process continues • Example: Resolve the path name N:<label-1, label-2, …, label-n> • Resolution starts at node N, looks up label-1 in directory table, returns the identifier node to which label-1 refers • Resolution continues at the identified node by looking up the name label-2 in its directory table, and so on • Resolution stops when the node referred to by label-n is found, and the content of that node is returned EEC-681: Distributed Computing Systems

  10. Merging Name Spaces • Method 1: Pathnames of different name spaces are concatenated (URLs) ftp://ftp.cs.vu.nl/pub/steen/ ftp Name of protocol used to talk with server :// Name space delimiter ftp.cs.vu.nl Name of a node representing an FTP server / Name space delimiter pub/steen/ Name of a node in the name space rooted at the context node mapped to the FTP server EEC-681: Distributed Computing Systems

  11. Merging Name Spaces • Method 2: Introduce nodes that contain the name of a node in a “foreign” name space, along with the information how to select the initial context in that foreign name space Mount point: (Directory) node in naming graph that refers to other naming graph Mounting point: (Directory) node in other naming graph that is referred to. EEC-681: Distributed Computing Systems

  12. Merging Name Spaces • Method 3: Use only full pathnames, in which the starting context is explicitly identified, and merge by adding a new root node EEC-681: Distributed Computing Systems

  13. Implementation of Name Space • Name space distribution • Implementation of name resolution • Iterative resolution • Recursive resolution EEC-681: Distributed Computing Systems

  14. Name Space Distribution • Distributing nodes of the naming graph across multiple machines • Distribute the name resolution process, and • Distribute name space management • A hierarchical naming graph: • Global level: high-level directory nodes. These directory nodes have to be jointly managed by different administrations • Administrational level: Mid-level directory nodes. Each group can be assigned to a separate admin. • Managerial level: Low-level directory nodes within a single administration EEC-681: Distributed Computing Systems

  15. Name Space Distribution • An example partitioning of the DNS name space, including Internet-accessible files, into three layers EEC-681: Distributed Computing Systems

  16. Implementation of Name Resolution • Each client has access to a local name resolver, which is responsible for ensuring that the name resolution process is carried out • Two types of name resolution • Iterative name resolution • Recursive name resolution EEC-681: Distributed Computing Systems

  17. Iterative Name Resolution EEC-681: Distributed Computing Systems

  18. Recursive Name Resolution EEC-681: Distributed Computing Systems

  19. Recursive Name Resolution Recursive name resolution of <nl, vu, cs, ftp>. Name servers cache intermediate results for subsequent lookups EEC-681: Distributed Computing Systems

  20. Iterative vs. Recursive Name Resolution EEC-681: Distributed Computing Systems

  21. Directory Service • Directory service: a special kind of naming service in whicha client can look for an entity based on a description of properties instead of a full name • Similar to yellow pages • X.500: OSI directory service EEC-681: Distributed Computing Systems

  22. The X.500 Name Space EEC-681: Distributed Computing Systems

  23. X.500 Terminologies • Distinguished name (DN):the name that (globally) uniquely identifies an entry in the directory • A DN is made up of attribute=value pairs, separated by commas, for example: • cn=Ben Gray,ou=editing,o=New York Times,c=US • cn=Lucille White,ou=editing,o=New York Times,c=US • cn=Tom Brown,ou=reporting,o=New York Times,c=US EEC-681: Distributed Computing Systems

  24. X.500 Terminologies • Relative Distinguished Name (RDN):uniquely identifies the object within its parent container • For example, the RDN of a computer named my computer is CN=mycomputer • For example, users cannot have the same name within an organizational unit • Directory Information Base (DIB): collection of all directory entries EEC-681: Distributed Computing Systems

  25. Directory Information Tree • Part of the directory information tree • Listing RDNs in sequence • Support two lookup operations • Read • List DN for host star: C=NL/O=VU/OU=MCS/CN=MS/Host_Name=star (Microsoft Active Directory style) Host_Name=start, CN=MS, OU=MCS, O=VU, C=NL (LDAP style) EEC-681: Distributed Computing Systems

  26. X.500 Implementation • Directory Service Agents (DSAs) • Directory User Agents (DUAs) • Searching in a directory service is in general an expensive operation • Lightweight Directory Access Protocol (LDAP) • Easier to use than OSI X.500 • An application-level protocol implemented on top of TCP => LDAP is a connection-oriented protocol EEC-681: Distributed Computing Systems

  27. LDAP • Understanding and Deploying LDAP Directory Services, Second Edition • By Timothy A. Howes -  Ph.D., Mark C. Smith, Gordon S. Good • Publisher: Addison Wesley Professional • Pub Date: April 28, 2003 • http://proquest.safaribooksonline.com/0672323168 EEC-681: Distributed Computing Systems

  28. LDAP Operations • Bind: to start a connection with the LDAP server • The client specifies the protocol version and the client authentication information • Unbind: to terminate the connection with the LDAP server • Search: Used to search the directory • The client specifies the starting point (base object) of the search, the search scope (either the object only, its children, or the subtree rooted at the object), and a search filter • The search results consist of LDAP entries (and the attributes requested) that satisfy the filter EEC-681: Distributed Computing Systems

  29. LDAP Operations • Modify: to modify an existing entry • The client specifies the name of the entry to be modified and a list of modifications • Each modification consists of an attribute and information regarding whether its values are to be added, deleted, or replaced • Add: to add a new entry • The client specifies the name of the new entry and a set of attributes for the new entry • Delete: to remove an existing entry • The client specifies the name of the entry to remove EEC-681: Distributed Computing Systems

  30. LDAP Operations • Modify RDN: to change the RDN of the last component of an existing entry (that is, to assign the entry a new name in the same context) • The client specifies the DN for the entry and the new RDN • Compare: to test whether an entry has an attribute/value pair • The client specifies the name of the entry and the name and value to check • Abandon: to terminate an outstanding request EEC-681: Distributed Computing Systems

  31. LDAP Schema • The LDAP v3 defines a schema (RFC 2252 and RFC 2256) based on the X.500 standard for common objects found in a network, such as countries, localities, organizations, users/persons, groups, and devices • A directory schema specifies the types of objects that a directory may have and the mandatory and optional attributes of each object type • Before a directory server stores a new or modified entry, it checks the entry's contents against the schema rules • Whenever directory clients or servers compare two attribute values, they consult the schema to determine what comparison algorithm to use EEC-681: Distributed Computing Systems

  32. LDAP Schema • A LDAP schema consists of attribute types, attribute syntaxes, matching rules, and object classes • Attribute types (or simply attributes) hold specific data elements such as a name, business phone number • Attribute syntaxes specify exactly how data values are represented • Binary, DN, PrintableString, etc. • Matching rules specify the rules to compare the values of different attribute types • CaseExactMatch, caseIgnoreMatch, booleanMatch, etc. • Object classes are used to group related information • An object class models a real-world object such as a person, printer • Each directory entry belongs to one or more object classes • Attribute types, attribute syntaxes and object classes all require unique object identifiers (OID) EEC-681: Distributed Computing Systems

  33. LDAP Schema EEC-681: Distributed Computing Systems

  34. LDAP Schema Example • LDAPv3 Object Class Schema format • ( OCOID NAME OCNAME [ DESC OCDESC ] [ OBSOLETE ] [ SUP SUPOID ] [ OCKIND ] [ MUST REQATSET ] [ MAY ALLOWATSET ] ) • The Standard person Object Class in LDAPv3 Format • ( 2.5.6.6 NAME 'person' DESC 'Standard Person Object Class' SUP 'top' STRUCTURAL MUST ( objectclass $ sn $ cn ) MAY ( description $ seeAlso $ telephoneNumber $ userPassword ) ) EEC-681: Distributed Computing Systems

  35. Java Naming and Directory Interface (JNDI) • JNDI is an application programming interface (API) that provides naming and directory functionality to applications written using the Java programming language • It is defined to be independent of any specific directory service implementation EEC-681: Distributed Computing Systems

  36. Java Naming and Directory Interface EEC-681: Distributed Computing Systems

More Related