III: Deploying Your Directory Service


Directory Topology Overview

A directory service can be asked to store a potentially large number of entries (far more entries, in some cases, than one server can be reasonably expected to hold). To enable a directory to hold such large numbers of entries, it may be necessary for it to reside on more than one server.

A directory that resides on more than one server is a distributed directory. When you carve a single directory into manageable chunks and assign them to separate servers, you are partitioning the directory. For example, a large corporation might choose to partition its directory as shown in Figure 9.1.

Figure 9.1 A distributed directory.

The dotted lines surrounding each server computer in Figure 9.1 indicate that the partition resides on that particular server. This is a convention we will use throughout this chapter.

When the directory tree is divided among a number of servers, each server is responsible for only a portion of the tree, which reduces the amount of work it needs to do. Using this principle of dividing a directory namespace into a number of partitions and assigning those partitions to separate servers, the directory can be made to scale to a much larger number of entries than would be possible with a single server. The Domain Name Service (DNS) operates in a similar fashion, with each portion of the DNS namespace (for example, airius.com) assigned to a particular DNS server that may be replicated to improve availability.

The unit of division is known by several different names depending on the directory server software you are using or the standards documentation you may be reading. Novell Directory Services (NDS) uses the term directory partition, whereas the X.500 standards documents use the term naming context. Both terms mean essentially the same thing, but we'll use the term partition throughout this chapter.

An important point to remember is that the directory itself is responsible for hiding all these partitioning details from the user. As far as users and applications are concerned, there is simply a single directory that answers their directory queries. The actual mechanics of how these details are hidden from users are discussed in detail later in the chapter. For now, simply remember that the various partitions are glued together into a single, logical directory tree from the client's or application's point of view.

A directory partition is a complete subtree of the directory information tree (DIT), minus any subtrees that are held within other partitions. A given directory entry resides in only one directory partition, and all entries within a partition must share a common ancestor known as the partition root. Figure 9.2 shows a very basic directory partition with a partition root of dc=airius, dc=com. The partition, denoted by the dotted line, extends downward from the partition root (dc=airius, dc=com) and does not exclude any entries. In other words, it is a complete subtree.

Figure 9.2 A DIT contained in a single partition.

It is also possible to selectively exclude subtrees from a partition. In Figure 9.3, there are two partitions. One is rooted at dc=airius, dc=com and includes all entries beneath dc=airius, dc=com except for those in the other partition. This second partition contains the entry ou=External Customers, dc=airius, dc=com and all entries beneath it.

Figure 9.3 A DIT split into two partitions.

This partitioning arrangement would allow the subtree ou=External Customers, dc=airius, dc=com to reside on a different server than the rest of the directory tree.

Using this principle, you can divide a single large directory tree into a number of smaller partitions. Each partition can be assigned to a separate server, if required, either to handle the client load or because of limits on the number of entries that can be held by a server. For example, Airius's directory could be divided into partitions and assigned to four servers, as shown in Figure 9.4.

Figure 9.4 A DIT partitioned across four servers.

To further clarify the concept of a directory partition, let's also look at some illegal directory partitions. In Figure 9.5, partition 1 is invalid because it contains a "hole": Entry b is missing from the partition. Partition 2 is invalid because it is not a proper subtree: Not all the entries in the partition share a common ancestor. Partitions 3 and 4 are invalid for a reason similar to that of partition 2: Although all entries do share a common ancestor, the ancestor is not contained within the partition.

Figure 9.5 Examples of illegal partitions.
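
The partition rules above can be checked mechanically before a topology is deployed. The following Python sketch is an added example, not code from the book: it treats a partition as legal when exactly one of its entries (the partition root) has a parent outside the partition, and when every entry in the DIT is held by exactly one partition. It assumes DNs with no escaped commas, and the sample entries uid=bjensen and cn=Acme are constructed for illustration.

```python
# Added example: checks partitions against the rules in this section.
# Assumption: DNs are plain comma-separated RDNs with no escaped commas.

def parse_dn(dn):
    """Split a DN into a tuple of normalized RDNs, leaf first."""
    return tuple(rdn.strip().lower() for rdn in dn.split(","))

def is_under(dn, root):
    """True if dn equals root or lies beneath it in the tree."""
    return len(dn) >= len(root) and dn[len(dn) - len(root):] == root

def check_partitions(dit, partitions):
    """dit: list of DN strings; partitions: {name: [DN strings]}.
    Returns a sorted list of violations; an empty list means legal."""
    problems = []
    owners = {}
    for name, dns in partitions.items():
        for dn in dns:
            owners.setdefault(parse_dn(dn), []).append(name)
    # Rule: a given entry resides in exactly one partition.
    for dn in map(parse_dn, dit):
        held = owners.get(dn, [])
        if len(held) != 1:
            problems.append(f"{','.join(dn)}: held by {len(held)} partitions")
    for name, dns in partitions.items():
        entries = {parse_dn(d) for d in dns}
        # "Tops" are entries whose parent is not in this partition.
        # A legal partition has exactly one top: the partition root.
        tops = sorted((e for e in entries if e[1:] not in entries), key=len)
        for extra in tops[1:]:
            if is_under(extra, tops[0]):
                problems.append(f"{name}: hole, parent of {','.join(extra)} is missing")
            else:
                problems.append(f"{name}: no common ancestor inside partition")
    return sorted(set(problems))

# Constructed sample DIT, modeled on the two-partition split of Figure 9.3.
DIT = [
    "dc=airius, dc=com",
    "ou=People, dc=airius, dc=com",
    "uid=bjensen, ou=People, dc=airius, dc=com",
    "ou=External Customers, dc=airius, dc=com",
    "cn=Acme, ou=External Customers, dc=airius, dc=com",
]
LEGAL = {"main": DIT[:3], "external": DIT[3:]}
# Illegal: "main" skips ou=People (a hole); "other" holds two sibling subtrees.
ILLEGAL = {"main": [DIT[0], DIT[2]], "other": [DIT[1]] + DIT[3:]}
```

Calling `check_partitions(DIT, LEGAL)` returns an empty list, while `check_partitions(DIT, ILLEGAL)` reports the hole in "main" and the missing common ancestor in "other".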

Although we've only shown examples in which a given server holds a single partition, this need not be the case. A server can actually hold many directory partitions. For example, a directory server might hold a read-only copy of the top-level partition along with the master copy of a particular organizational unit's partition. Or, an Internet service provider might choose to offer directory services to corporate clients and deploy a number of "virtual" directories on a single server (with sufficient RAM, CPU, and disk resources, of course).



Understanding and Deploying LDAP Directory Services,  2002 New Riders Publishing

