A directory is a map between names and values. In a telephone directory, the nodes are names and the data items are telephone numbers. In a domain name server, the nodes are domain names and the data items are IP addresses (and aliases, mail server names, etc.). A directory server is a computer server system that stores, organizes and provides access to information in a directory. A directory service is the software system implemented on one or more computers, including directory servers. A directory service typically provides an organized set of records, such as a corporate email directory. A directory service may have a hierarchical data structure. LDAP, or Lightweight Directory Access Protocol, is an application protocol for maintaining distributed directory information services over an Internet Protocol (IP) network. Version 3 of the LDAP protocol (LDAPv3) was first published in 1997 and is in widespread use today.
An LDAP directory often is depicted as a tree, with the root node at the top. An entry is the basic unit of information in an LDAP directory. Each entry includes data for one or more attributes. Each entry has a unique name, the “distinguished name” or “DN.” Among the children of a single parent node, each sibling has a unique name component, referred to as the RDN, or relative distinguished name, and the DN is the combination of all RDNs on the path from the entry to the root of the directory tree. To illustrate, take the directory entry cn=john smith, ou=users, dc=example, dc=com. The DN for the entry is cn=john smith, ou=users, dc=example, dc=com, and the RDN is cn=john smith. For this entry, john smith is the data value for the attribute cn (common name), users is the data value for the attribute ou (organizational unit), and the data values for the attribute dc (domain component) are example and com.
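The DN and RDN structure just described can be made concrete by parsing a DN into its RDN sequence. The following Python is an added illustration, not code from the original text: it splits a DN on unescaped commas, decodes the backslash escapes that LDAPv3 string DNs use (RFC 4514), and decides whether an entry lies under a base DN by comparing parsed RDN components rather than by string suffix or substring search. The sample DNs are constructed for the example, and the case-insensitive value comparison in is_under is a simplification of the per-attribute matching rules a real server applies.

```python
"""Parse LDAP distinguished names (DNs) into RDNs and attribute/value pairs.

Added illustration, not code from the original text. Escaping follows
RFC 4514: a backslash before a special character ('\\,' for a comma) or a
backslash plus two hex digits for one raw byte ('\\2C'). Every sample DN
used with this code is constructed for the example.
"""
from typing import List, Tuple

HEX = "0123456789abcdefABCDEF"


def _split_unescaped(text: str, sep: str) -> List[str]:
    """Split on `sep` wherever it is not protected by a backslash escape,
    leaving the escapes themselves intact for a later decoding pass."""
    parts, buf, i = [], [], 0
    while i < len(text):
        if text[i] == "\\" and i + 1 < len(text):
            buf.append(text[i:i + 2])
            i += 2
        elif text[i] == sep:
            parts.append("".join(buf))
            buf = []
            i += 1
        else:
            buf.append(text[i])
            i += 1
    parts.append("".join(buf))
    return parts


def _trim(text: str) -> str:
    """Drop unescaped leading/trailing spaces; a trailing '\\ ' is data."""
    text = text.lstrip(" ")
    while text.endswith(" "):
        backslashes = len(text) - 1 - len(text[:-1].rstrip("\\"))
        if backslashes % 2 == 1:
            break
        text = text[:-1]
    return text


def unescape(value: str) -> str:
    """Decode RFC 4514 escapes in one attribute value."""
    raw, out, i = value.encode("utf-8"), bytearray(), 0
    while i < len(raw):
        if raw[i] != 0x5C:                      # not a backslash: copy
            out.append(raw[i])
            i += 1
            continue
        if i + 1 >= len(raw):
            raise ValueError("dangling backslash in DN value")
        pair = raw[i + 1:i + 3].decode("ascii", "replace")
        if len(pair) == 2 and pair[0] in HEX and pair[1] in HEX:
            out.append(int(pair, 16))           # hex pair -> one raw byte
            i += 3
        else:
            out.append(raw[i + 1])              # '\c' -> the literal c
            i += 2
    return out.decode("utf-8")


def parse_dn(dn: str) -> List[List[Tuple[str, str]]]:
    """Return the DN as a list of RDNs (leftmost first); each RDN is a list
    of (attribute type, decoded value) pairs, because an RDN may be
    multi-valued ('cn=a+sn=b'). Attribute types are lower-cased."""
    if not dn.strip():
        return []                               # the empty DN names the root
    rdns = []
    for rdn_text in _split_unescaped(dn, ","):
        avas = []
        for ava in _split_unescaped(rdn_text, "+"):
            attr, eq, val = ava.partition("=")
            if not eq or not attr.strip():
                raise ValueError(f"malformed RDN component: {ava!r}")
            avas.append((attr.strip().lower(), unescape(_trim(val))))
        rdns.append(avas)
    return rdns


def rdn(dn: str) -> str:
    """The entry's own name component (the leftmost RDN), escapes kept."""
    return _trim(_split_unescaped(dn, ",")[0])


def parent_dn(dn: str) -> str:
    """The DN of the parent entry: every RDN except the leftmost."""
    return ",".join(_trim(p) for p in _split_unescaped(dn, ",")[1:])


def _normalized(dn: str) -> List[List[Tuple[str, str]]]:
    return [[(a, v.casefold()) for a, v in r] for r in parse_dn(dn)]


def is_under(dn: str, base: str) -> bool:
    """True if `dn` is `base` or lies beneath it in the tree. Decided on the
    parsed RDN sequence: a base DN appearing as a substring in the middle
    of a longer DN, or with different spacing and case, is handled correctly,
    which a plain string comparison would not do."""
    entry, suffix = _normalized(dn), _normalized(base)
    return len(entry) >= len(suffix) and entry[len(entry) - len(suffix):] == suffix


if __name__ == "__main__":
    example = "cn=john smith, ou=users, dc=example, dc=com"
    print(parse_dn(example))
    print(rdn(example), "|", parent_dn(example))
```

A DN whose value contains an escaped comma, such as cn=Smith\, John, is the case that trips up ad hoc splitting: str.split(",") yields one part too many, while the parser above keeps it as a single RDN.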
In many directory service installations the directory contents may be stored on multiple systems. Indeed, a single directory may have multiple identical replicas, each of which can be independently modified. Synchronization is a mechanism for keeping track of changes in a directory environment and propagating the changes to other data repositories. Replication is a form of synchronization that is used to propagate changes from one directory server to all replicas of the same directory, to ensure that each replica of a directory is, or will eventually be, identical.
There are many benefits to including replicas in a directory service. If one directory server is in heavy use, or does not have enough CPU or memory to handle all requests, some requests can be routed to a replica to reduce the load on the first server. If users sit on the far side of a slow network link from the directory server, installing a replica on their side of the link improves their response time. Finally, replicas can be used for failover: if one server goes down, requests can be automatically rerouted to a replica to minimize disruption in service.
A change log is a file that records changes. In some embodiments of a directory service, a change log is a file maintained by a directory server to keep track of all changes to the directory. Some of the changes may have originated on the directory server itself; others may have originated on another server and been transmitted to the directory server through a replication facility or other synchronization mechanism.
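The replication and change-log mechanism described in the preceding paragraphs, as an added example that is not part of the original text: each server keeps a change log holding both the changes made locally and those received from other servers, and replication replays the changes a replica has not yet seen. The per-origin sequence number, the in-memory dict of entries and the server names A, B and C are assumptions made for this illustration; real products use richer change sequence numbers and conflict-resolution rules, which are out of scope here.

```python
"""Replication by change-log replay between directory server replicas.

Added illustration, not code from the original text. Entries are held in a
dict keyed by DN; a per-origin sequence number stands in for the change
sequence numbers real servers use; conflict resolution is out of scope.
All entries and DNs are constructed for the example.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

Attrs = Dict[str, Tuple[str, ...]]


@dataclass(frozen=True)
class Change:
    origin: str   # server on which the change was first made
    seq: int      # position in that origin's own sequence of changes
    op: str       # "add", "modify" or "delete"
    dn: str
    attrs: Attrs = field(default_factory=dict)


class DirectoryServer:
    def __init__(self, name: str) -> None:
        self.name = name
        self.entries: Dict[str, Attrs] = {}
        self.changelog: List[Change] = []   # local and received changes alike
        self.applied: Dict[str, int] = {}   # highest seq applied, per origin
        self._next_seq = 0

    def local_change(self, op: str, dn: str, attrs: Optional[Attrs] = None) -> Change:
        """Record and apply a change that originates on this server."""
        self._next_seq += 1
        change = Change(self.name, self._next_seq, op, dn, attrs or {})
        self._apply(change)
        return change

    def _apply(self, change: Change) -> bool:
        """Apply one change unless it was seen before, so replay is idempotent."""
        if self.applied.get(change.origin, 0) >= change.seq:
            return False
        if change.op == "add":
            self.entries[change.dn] = dict(change.attrs)
        elif change.op == "modify":
            if change.dn not in self.entries:
                raise KeyError(f"modify of unknown entry {change.dn}")
            self.entries[change.dn].update(change.attrs)
        elif change.op == "delete":
            self.entries.pop(change.dn, None)
        else:
            raise ValueError(f"unknown operation {change.op!r}")
        self.applied[change.origin] = change.seq
        self.changelog.append(change)       # received changes are logged too
        return True

    def changes_since(self, applied: Dict[str, int]) -> List[Change]:
        """Logged changes that a replica in state `applied` has not yet seen."""
        return [c for c in self.changelog if c.seq > applied.get(c.origin, 0)]

    def replicate_to(self, replica: "DirectoryServer") -> int:
        """Push outstanding changes to `replica`; return how many it applied."""
        return sum(replica._apply(c) for c in self.changes_since(replica.applied))


def demo() -> Tuple[DirectoryServer, DirectoryServer, DirectoryServer]:
    """Three replicas; A and B take local writes, C only receives from B."""
    a, b, c = DirectoryServer("A"), DirectoryServer("B"), DirectoryServer("C")
    john = "cn=john smith,ou=users,dc=example,dc=com"
    a.local_change("add", john, {"cn": ("john smith",), "mail": ("john@example.com",)})
    a.local_change("modify", john, {"mail": ("jsmith@example.com",)})
    b.local_change("add", "cn=jane doe,ou=users,dc=example,dc=com", {"cn": ("jane doe",)})
    a.replicate_to(b)   # B applies A's two changes and logs them
    b.replicate_to(a)   # A applies Jane; its own changes are skipped as seen
    b.replicate_to(c)   # C receives all three from B, including A's
    return a, b, c


if __name__ == "__main__":
    a, b, c = demo()
    print("replicas identical:", a.entries == b.entries == c.entries)
```

The point of the applied-per-origin bookkeeping is that a change forwarded through an intermediate server (A's changes reaching C via B) is applied exactly once wherever it arrives, and a repeated replication pass applies nothing.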
A directory has a significant advantage over other database technologies in that it includes a flexible schema structure that is separate from the “access path” to the data. In other words, the directory information tree (DIT) structure of a directory is separate from the schema. This and other data model differences allow directories to optimize certain operations for speed (e.g., search operations) and outperform other database technologies, e.g., relational database management systems, for many kinds of problems.