Distributed Directory Services
Independent thesis Advanced level (degree of Master (Two Years)), 20 credits / 30 HE creditsStudent thesis
This document analyses Distributed Directory Services and provides an introduction to them; along with an exploration of some of the technical and organizational aspects of such services for companies planning to deploy a directory service for their organization.
In Lightweight Directory Access Protocol (LDAP) version 3 an extensible security model is defined. It is based on the Simple Authentication and Security Layer (SASL), which allows for integrity and privacy services to be negotiated. Implementing LDAP over Secure Sockets Layers (SSL) enables user authentication, data encryption, and data integrity protection so files cannot be altered after they are transmitted.
Performance measurement, made as a part of this project, show that a shallow Directory Information Tree (DIT) structure is faster to access that a deeper one. Hence, the structure should be as shallow as possible, but without sacrificing maintainability. To lower the cost of managing or synchronizing multiple directories, organizations should deploy a directory service, which as many applications as possible can share.
Replication between servers is desirable. It will increase the performance and reliability of the directory service. If a server fails there will be another one which can take over. Regarding replication schemes I have found the multi-master scheme, although more complicated in terms of administration, much better due to the better reliability and performance.
Place, publisher, year, edition, pages
1998. , 115 p.
IdentifiersURN: urn:nbn:se:kth:diva-95471OAI: oai:DiVA.org:kth-95471DiVA: diva2:528532
Subject / course
Master of Science in Engineering - Electrical Engineering
1998-10-08, Seminar room "Telegrafen", Isafjordsgatan 22, Kista, 15:00 (Swedish)
Maguire Jr., Gerald Q., ProfessorStöp, TommyThurfjell, Niklas
Maguire Jr., Gerald Q., Professor