1. Field of the Invention
The present invention relates to the field of information processing systems. More specifically, the present invention relates to distributed directory information.
2. Description of the Related Art
Information directories are organized repositories of typically descriptive, attribute based information. An information directory may be an E-mail address directory, a telephone directory, a network directory, a public key directory, a company directory, etc. The International Standards Organization (ISO) and International Telecommunications Union (ITU) provided X.500 as a standard for organizing information directories and for directory services.
The complexity of the X.500 standard deters many organizations from implementing the entire standard. In response to the comprehensiveness of X.500, the lightweight data access protocol (LDAP) was developed.
LDAP is a set of protocols for accessing information directories. LDAP is based on some sections of X.500. In contrast to the X.500 standard that supports systems that conform to layer 7 of the OSI network reference model, LDAP supports systems that conform to layer 3/4 of the OSI network reference model. Universal Description, Discovery, and Integration (UDDI) is another directory related protocol. UDDI is a service discovery protocol for Web services.
LDAP and similar standards define a hierarchical directory information tree with different levels for each category of information. A directory information tree has a root node, which contains information about the host directory server. The root node references containers or subdirectories. A container or subdirectory may include additional containers, or may include objects (also referred to as entries, leaves, etc.), which are the basic storage elements of the directory information tree. A unique identifier (UID) names each object of a directory information tree. An object's distinguished name (DN) identifies the path from the root to the object and the unique identifier for the object.
For example, assume a company maintains a directory information tree (DIT). The root node of the DIT indicates information about the directory server that hosts the DIT and the name of the company. The root node references two containers: 1) employees; and 2) customers. The employee container includes objects that indicate names, telephone numbers, and addresses of employees of the company. Likewise, the customer container includes objects that indicate the same information for customers of the company. The UID for each person, whether employee or customer, is their name. The DN for each customer would be the path to the customer object, which would include the company name (root node), the customer container, and the UID for the relevant customer.
Users who access DITs make read-type requests and write-type requests. Write-type requests include create operations, update operations, etc. Read-type requests include search operations, compare operations, etc. Organizations typically allow anonymous users to have read-type access to their DITs. Organizations typically do not allow such liberal access for writing to their DITs. In addition, certain branches of a DIT may be off limits to certain categories of users, especially anonymous users. To access restricted information or to perform restricted operations, a user is authenticated to the directory server that hosts the target information. Typically a directory server hosts security credentials of those users authorized to access the information on the directory server.
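The company example and the access rules described above can be modelled as follows. This is an added illustration, not part of the original text: the names ExampleCo, Alice Smith, Bob Jones and admin, the choice of the employees branch as the restricted one, and the slash-separated DN form are assumptions made for the sketch.

```python
import hashlib
import hmac
import os

READ_OPS = {"search", "compare"}   # read-type requests named in the text
WRITE_OPS = {"create", "update"}   # write-type requests named in the text

class Node:
    def __init__(self, name, parent=None):
        self.name, self.parent, self.children = name, parent, {}
    def add(self, name):
        return self.children.setdefault(name, Node(name, self))
    def dn(self):
        # Root-first path, as the text describes a DN (real LDAP DNs differ in syntax).
        parts, node = [], self
        while node is not None:
            parts.append(node.name)
            node = node.parent
        return "/".join(reversed(parts))

def _kdf(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class DirectoryServer:
    def __init__(self, restricted):
        self.creds = {}               # user -> (salt, derived key), never the password
        self.restricted = restricted  # DNs of branches closed to anonymous reads
    def enroll(self, user, password):
        salt = os.urandom(16)
        self.creds[user] = (salt, _kdf(password, salt))
    def _authenticated(self, user, password):
        if user not in self.creds or password is None:
            return False              # anonymous or unknown user
        salt, key = self.creds[user]
        return hmac.compare_digest(key, _kdf(password, salt))
    def authorize(self, op, dn, user=None, password=None):
        authed = self._authenticated(user, password)
        if op in WRITE_OPS:
            return authed             # writes are never anonymous
        if op in READ_OPS:
            closed = any(dn == r or dn.startswith(r + "/") for r in self.restricted)
            return authed or not closed
        return False                  # unrecognised operation: deny by default

root = Node("ExampleCo")  # constructed sample tree following the company example
alice = root.add("employees").add("Alice Smith")
bob = root.add("customers").add("Bob Jones")
server = DirectoryServer(restricted=[root.children["employees"].dn()])
server.enroll("admin", "constructed-sample-password")
```

The branch check compares whole path components, so a sibling container whose name merely begins with "employees" is not treated as part of the restricted branch.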
Some DITs represent a massive amount of information. Storing all of the information for one of these large DITs overwhelms typical network resources. If a DIT includes hundreds of thousands of entries and is repeatedly accessed, performance of the host directory server suffers. In addition, throughput of the network conduit to the directory server is significantly impacted.
Instead of storing an entire DIT on a single directory server, a DIT can be partitioned. A DIT is partitioned according to the organization of the DIT. Using the previous example, an employee directory server hosts all of the employee objects and a customer directory server hosts all of the customer objects.
Unfortunately, DIT partitioning is constrained by the organization of containers and does not address significant throughput and performance issues. Using the previous example, if there are a million customers and five hundred thousand employees for the company, partitioning the DIT still places a million objects on the customer directory server and half a million objects on the employee directory server.