Directory Topology Overview

   

A directory service can be asked to store a potentially large number of entries. We have encountered directories with up to 100 million entries. Depending on your directory software, that number may be more than one server can reasonably be expected to hold. To enable a directory to hold such large numbers of entries, it may be necessary to divide the directory database across multiple servers.

A directory that resides on more than one server is a distributed directory. When you carve a single directory into manageable chunks and assign them to separate servers, you are partitioning the directory. For example, a large corporation might choose to partition its directory as shown in Figure 10.1.

Figure 10.1. A Distributed Directory

The dotted lines surrounding each server computer in Figure 10.1 indicate that the partition resides on that particular server. We will use this convention throughout this chapter.

When the directory tree is divided among multiple servers, each server is responsible for only a portion of the tree, which reduces the amount of work it needs to do. Using this principle of dividing a directory namespace into partitions and assigning those partitions to separate servers, a directory can scale to a much larger number of entries than would be possible with a single server. The Domain Name System (DNS) operates similarly, with each portion of the DNS namespace (for example, example.com) assigned to a particular DNS server that may be replicated to improve availability.

Note

The unit of division is known by several different names, depending on the directory server software you are using or the standards documentation you may be reading. Whereas Novell eDirectory uses the term directory partition, the X.500 standards documents use the term naming context. Netscape Directory Server 6 calls these units databases, and Microsoft Active Directory uses the term domain. All these terms mean essentially the same thing, but we'll use the term directory partition throughout this chapter.


An important point to remember is that the directory itself is responsible for hiding all these partitioning details from the user. As far as users and applications are concerned, a single directory answers their directory queries. The mechanics of how these details are hidden from users are discussed in detail later in this chapter. For now, simply remember that the various partitions are glued together into a single, logical directory tree from the client's or application's point of view.

Definition of a Partition

A directory partition is a complete subtree of the directory information tree (DIT), minus any subtrees held within other partitions. A given directory entry resides in only one directory partition, and all entries within a partition must share a common ancestor known as the partition root. Figure 10.2 shows a basic directory partition with a partition root of dc=example,dc=com. The partition, denoted by the dotted line, extends downward from the partition root (dc=example,dc=com) and does not exclude any entries. In other words, it is a complete subtree.

Figure 10.2. A DIT Contained in a Single Partition

It is also possible to selectively exclude subtrees from a partition. In Figure 10.3 there are two partitions. One is rooted at dc=example,dc=com and includes all entries beneath dc=example,dc=com except for those in the other partition. This second partition contains the entry ou=External Customers,dc=example,dc=com and all entries beneath it. This partitioning arrangement would allow the subtree ou=External Customers,dc=example,dc=com to reside on a different server from the rest of the directory tree.

Figure 10.3. A DIT Split into Two Partitions

Using this principle, you can divide a single large directory tree into multiple smaller partitions. Each partition can be assigned to a separate server, if required, either to handle the client load or to accommodate limits on the number of entries that can be held by a server. For example, example.com's directory could be divided into partitions and assigned to four servers, as shown in Figure 10.4.

Figure 10.4. A DIT Partitioned across Four Servers

To further clarify the concept of a directory partition, let's also look at some illegal directory partitions. In Figure 10.5, Partition 1 is invalid because it contains a "hole": Entry b is missing from the partition. Partition 2 is invalid because it is not a proper subtree: Not all the entries in the partition share a common ancestor. Partitions 3 and 4 are invalid for a reason similar to that of Partition 2: Although all entries do share a common ancestor, the ancestor is not contained within the partition.

Figure 10.5. Examples of Illegal Partitions
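
The partition rules above can be checked mechanically. The following Python sketch is an added example, not code from the book: it finds which partition holds an entry (the longest partition root that is a suffix of the entry's DN) and tests whether a set of entries forms a legal partition. The function names, the sample roots, and the simplified DN parsing (not a full RFC 4514 parser) are assumptions made for illustration.

```python
import re

# Constructed sample: the two partition roots of Figure 10.3.
ROOTS = ["dc=example,dc=com", "ou=External Customers,dc=example,dc=com"]

def parse_dn(dn):
    """Split a DN into normalized RDNs (simplified; assumes no exotic escaping)."""
    parts = re.split(r"(?<!\\),", dn)
    return tuple(p.strip().lower() for p in parts if p.strip())

def is_under(rdns, root):
    """True if root equals rdns or is an ancestor of it (suffix match)."""
    return len(root) <= len(rdns) and rdns[len(rdns) - len(root):] == root

def owning_partition(dn, roots=ROOTS):
    """An entry resides in exactly one partition: the most specific matching root."""
    rdns = parse_dn(dn)
    matches = [r for r in roots if is_under(rdns, parse_dn(r))]
    return max(matches, key=lambda r: len(parse_dn(r)), default=None)

def check_partition(entries):
    """Legal iff exactly one entry (the partition root) has its parent outside the set."""
    dns = {parse_dn(e) for e in entries}
    if not dns:
        return "empty"
    # A "top" is an entry whose immediate parent is not in the partition.
    tops = sorted(d for d in dns if d[1:] not in dns)
    if len(tops) == 1:
        return "ok"
    shallowest = min(tops, key=len)
    if all(is_under(t, shallowest) for t in tops):
        return "hole"  # an entry between the root and a descendant is missing
    return "no common root in partition"

if __name__ == "__main__":
    print(owning_partition("uid=acme,ou=External Customers,dc=example,dc=com"))
    print(check_partition(["dc=example,dc=com",
                           "uid=bjensen,ou=People,dc=example,dc=com"]))
```

A partition that excludes a whole subtree held elsewhere still passes the check, because the excluded subtree's entries are simply absent and leave no orphaned descendants behind.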

Although we've shown only examples in which a given server holds a single partition, this need not be the case. A server can actually hold many directory partitions. For example, a directory server might hold a read-only copy of the top-level partition, along with the master copy of a particular organizational unit's partition. Alternatively, an Internet service provider might choose to offer directory services to corporate clients and deploy several "virtual" directories on a single server, one that has sufficient RAM, CPU, and disk resources, of course.

   


Understanding and Deploying LDAP Directory Services (2nd Edition)
ISBN: 0672323168
EAN: 2147483647
Year: 2002
Pages: 242
