Understanding and Deploying LDAP Directory Services > 9. Topology Design > Directory Topology Overview
Directory Topology Overview

A directory service can be asked to store a potentially large number of entries (far more entries, in some cases, than one server can be reasonably expected to hold). To enable a directory to hold such large numbers of entries, it may be necessary for it to reside on more than one server. A directory that resides on more than one server is a distributed directory. When you carve a single directory into manageable chunks and assign them to separate servers, you are partitioning the directory. For example, a large corporation might choose to partition its directory as shown in Figure 9.1.

Figure 9.1 A distributed directory.

The dotted lines surrounding each server computer in Figure 9.1 indicate that the partition resides on that particular server. This is a convention we will use throughout this chapter.

When the directory tree is divided among a number of servers, each server is responsible for only a portion of the tree, which reduces the amount of work it needs to do. Using this principle of dividing a directory namespace into a number of partitions and assigning those partitions to separate servers, the directory can be made to scale to a much larger number of entries than would be possible with a single server. The Domain Name Service (DNS) operates in a similar fashion, with each portion of the DNS namespace (for example, airius.com) assigned to a particular DNS server that may be replicated to improve availability.

The unit of division is known by several different names depending on the directory server software you are using or the standards documentation you may be reading. Novell Directory Services (NDS) uses the term directory partition, whereas the X.500 standards documents use the term naming context. Both terms mean essentially the same thing, but we'll use the term partition throughout this chapter.
An important point to remember is that the directory itself is responsible for hiding all these partitioning details from the user. As far as users and applications are concerned, there is simply a single directory that answers their directory queries. The actual mechanics of how these details are hidden from users are discussed in detail later in the chapter. For now, simply remember that the various partitions are glued together into a single, logical directory tree from the client's or application's point of view.

A directory partition is a complete subtree of the directory information tree (DIT), minus any subtrees that are held within other partitions. A given directory entry resides in only one directory partition, and all entries within a partition must share a common ancestor known as the partition root. Figure 9.2 shows a very basic directory partition with a partition root of dc=airius, dc=com. The partition, denoted by the dotted line, extends downward from the partition root (dc=airius, dc=com) and does not exclude any entries. In other words, it is a complete subtree.

Figure 9.2 A DIT contained in a single partition.

It is also possible to selectively exclude subtrees from a partition. In Figure 9.3, there are two partitions. One is rooted at dc=airius, dc=com and includes all entries beneath dc=airius, dc=com except for those in the other partition. This second partition contains the entry ou=External Customers, dc=airius, dc=com and all entries beneath it.

Figure 9.3 A DIT split into two partitions.

This partitioning arrangement would allow the subtree ou=External Customers, dc=airius, dc=com to reside on a different server than the rest of the directory tree. Using this principle, you can divide a single large directory tree into a number of smaller partitions. Each partition can be assigned to a separate server, if required, either to handle the client load or because of limits on the number of entries that can be held by a server.
For example, Airius's directory could be divided into partitions and assigned to four servers, as shown in Figure 9.4.

Figure 9.4 A DIT partitioned across four servers.

To further clarify the concept of a directory partition, let's also look at some illegal directory partitions. In Figure 9.5, Partition 1 is invalid because it contains a "hole": Entry b is missing from the partition. Partition 2 is invalid because it is not a proper subtree: Not all the entries in the partition share a common ancestor. Partitions 3 and 4 are invalid for a reason similar to that of Partition 2: Although all entries do share a common ancestor, the ancestor is not contained within the partition.

Figure 9.5 Examples of illegal partitions.

Although we've only shown examples in which a given server holds a single partition, this need not be the case. A server can actually hold many directory partitions. For example, a directory server might hold a read-only copy of the top-level partition along with the master copy of a particular organizational unit's partition. Or, an Internet service provider might choose to offer directory services to corporate clients and deploy a number of "virtual" directories on a single server (with sufficient RAM, CPU, and disk resources, of course).
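The partition rules above (one partition root held inside the partition, no holes, and each entry residing in exactly one partition) can be checked mechanically. The following Python sketch is an added example, not code from the book; the function names and the sample entries beneath ou=People and ou=External Customers are constructed for illustration, and DN parsing assumes no escaped commas in RDN values.

```python
# Added example: checks proposed partitions against the rules in this section.
# Sample DNs are constructed; parsing assumes RDN values contain no escaped commas.

def rdns(dn):
    """Normalize a DN into a tuple of lowercase RDNs, leaf first."""
    return tuple(part.strip().lower() for part in dn.split(","))

def check_partition(entries):
    """Return (partition_root, problems) for one proposed partition."""
    part = {rdns(e) for e in entries}
    # The partition root is the held entry that every held entry descends from.
    roots = [r for r in part if all(e[len(e) - len(r):] == r for e in part)]
    if not roots:
        return None, ["no partition root: common ancestor is not in the partition"]
    root, problems = roots[0], []
    for e in sorted(part):
        # A held entry whose parent is not held means an entry was skipped.
        if e != root and e[1:] not in part:
            problems.append("hole above " + ",".join(e))
    return root, problems

def check_topology(dit, partitions):
    """Check every partition, then that each DIT entry has exactly one owner."""
    report, owners = {}, {}
    for name, entries in partitions.items():
        report[name] = check_partition(entries)[1]
        for e in entries:
            owners.setdefault(rdns(e), []).append(name)
    report["coverage"] = [
        "%s is held by %d partitions" % (dn, len(owners.get(rdns(dn), [])))
        for dn in dit if len(owners.get(rdns(dn), [])) != 1
    ]
    return report

BASE = "dc=airius, dc=com"
EXT = "ou=External Customers, " + BASE
DIT = [BASE, "ou=People, " + BASE, "cn=Sample User, ou=People, " + BASE,
       EXT, "cn=Sample Customer, " + EXT]
# The split described for Figure 9.3: one excluded subtree, two partitions.
FIG_9_3 = {"main": DIT[:3], "external": DIT[3:]}

if __name__ == "__main__":
    print(check_topology(DIT, FIG_9_3))
    # A hole: the leaf is held but its parent ou=People is not.
    print(check_partition([BASE, DIT[2]]))
    # Two sibling subtrees whose common ancestor is outside the partition.
    print(check_partition([DIT[1], EXT]))
```

Running a check like this before assigning partitions to servers catches entries that no server would hold, or that two partitions would both claim.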
2002, O'Reilly & Associates, Inc.