
DCE Directory Service Concepts

This topic provides a description of DCE Directory Service concepts that are important to application developers. Concepts that are specific to GDS are covered in more detail in Part 3. The following concepts are intended to convey general definitions that are applicable to the directory service as a whole rather than specific to a particular directory service component. For more detailed definitions, see the glossary in the Introduction to OSF DCE.

· DCE namespace

The DCE namespace is the collection of names in a DCE environment. It can be made up of several domains, in which different types of servers own the names in different parts of the namespace. Typically, there are two high-level, or global, domains to a DCE namespace: the GDS namespace and the Domain Name System (DNS) namespace. At the next level is the CDS namespace, with names contained in the cell's CDS server. A DCE environment always contains a cell namespace, which is implemented by CDS. Parts of the DCE namespace may not be contained in any of the directory services; for example, the DFS namespace, also called the filespace, contains the names of files and directories in DFS, and the security namespace contains principals and groups contained in the security server.

The term DCE namespace is used when referring to names, but not the information associated with them. For example, it would include the name of a printer in the directory service, but not its associated location attribute, and it would include the name of a DFS file, but not its contents.

· Cell namespace

All of the names found in a single DCE cell comprise the cell's namespace. This includes names managed by the cell's CDS server and security server, names in the cell's DFS if it has one, and any other names that reside within a particular cell.

· Hierarchy

The DCE namespace is organized into a hierarchy; that is, each name except the global root has a parent node and may itself have child nodes or leaves. The leaves are called objects or entries, and in the CDS and DFS namespace, the nodes are called directories.

· Directory

The word directory has two meanings, which can be differentiated by their context. The first is the node of a hierarchy as mentioned in the previous definition. The second is a collection of objects managed by a directory service.

· Directory service

A directory service is software that manages names and their associated attributes. A directory service can store information, be queried about information, and be requested to change information. DCE contains two different directory services: CDS and GDS. It also interacts with a third directory service, DNS, which is not part of DCE.

· Junction

A junction is a point in the DCE namespace where two domains meet. For example, the point where the DFS entries are mounted into a CDS namespace is a junction. DCE also has junctions between the global directory services and CDS, and between CDS and the DCE Security Service.

· Object

The word object can have two meanings, depending on the context. Sometimes it means an entry in a directory service. Sometimes it means a real object that an entry in a directory service describes, such as a printer. In the context of XDS/XOM, the requested data is returned to the application in one or more interface objects, which are data structures that the application can manipulate.

· Entry

An entry is a unit of information in a directory service. It consists of a name and associated attributes. For example, an entry could consist of the name of a printer, its capabilities, and its network address.

- Class

In GDS, each entry has a class associated with it. The class determines what type of entry it is and what attributes may be associated with it.

- Link

A link is one type of object class. This type of object is a pointer to another object; it is similar to a soft link in a UNIX file system. A CDS link is similar to a GDS alias.

· Attribute

If an object is like a complex data structure, then its attributes are analogous to the separate member fields within that structure. Some of an object's attributes may be of significance only to the directory service that manages it. With attributes such as these, a directory service implements objects that contain various kinds of data about the directory itself, thus enabling the service to organize the entries into a meaningful structure. For example, directory objects can contain attributes whose values are other directory objects (called child directories or subdirectories) in the directory. Or link objects can contain attributes whose values are the names and internal identifiers of other directory entries, making a link object's entry name an alias of the other object to which its attributes indirectly refer.

- Type

Every attribute is characterized as being of a certain type. The attribute is used to hold a certain kind of data, such as a zip code or the name of a cat. Entries can also be classified by type; for entries, the term used is class.

- Value

An attribute can have one or more values.

· Object identifier

Directory attributes are uniquely identified by object identifiers (OIDs), which are administered by the International Organization for Standardization (ISO). In GDS, OIDs are also used to identify object classes. When it creates new attribute types, an application is responsible for tagging them with new, properly allocated OIDs (see your directory service administrator for OID assignments). In CDS, attribute types are identified by strings, which can be representations of OIDs.

· Name

A DCE name corresponds to an entry in some service participating in the DCE namespace, usually a directory service.

- Global name

A global name is a name that contains a path through one of the global namespaces (GDS or DNS).

- Local name

A local name is a name that uses the cell prefix /.: to indicate the cell name and therefore does not have a specific path through a global namespace. The entry for a local name is always contained in the local cell.
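The local/global distinction above can be decided from the name's syntax alone. The following is an added example, not code from the DCE documentation: `classify_dce_name` and its enum are hypothetical, and the `/...` global root and the `type=value` form of GDS components are DCE naming conventions that this page does not spell out.

```c
#include <stdio.h>
#include <string.h>

/* Added illustration; this enum and function are hypothetical, not DCE API. */
typedef enum { NAME_INVALID, NAME_LOCAL, NAME_GLOBAL_GDS, NAME_GLOBAL_DNS } name_kind;

/* Classify a DCE name. If rest is non-NULL, it is set to what follows the cell
 * prefix (local) or the global root (global), or to NULL for invalid input. */
name_kind classify_dce_name(const char *name, const char **rest)
{
    const char *tail = NULL;
    name_kind kind = NAME_INVALID;

    /* "/.:" must be a whole component: followed by '/' or the end of the name. */
    if (strncmp(name, "/.:", 3) == 0 && (name[3] == '/' || name[3] == '\0')) {
        tail = name + 3;
        kind = NAME_LOCAL;
    } else if (strncmp(name, "/.../", 5) == 0) {
        /* Assumption: "/..." is the global root (not stated on this page). */
        size_t len = strcspn(name + 5, "/");
        if (len > 0) {
            tail = name + 5;
            /* A typed first component (C=US) is GDS style, otherwise DNS. */
            kind = memchr(tail, '=', len) ? NAME_GLOBAL_GDS : NAME_GLOBAL_DNS;
        }
    }
    if (rest != NULL)
        *rest = tail;
    return kind;
}

int main(void)
{
    /* Constructed sample names. */
    const char *samples[] = { "/.:/hosts/printer1", "/.../C=US/O=Example/OU=Lab",
                              "/.../cell.example.com/hosts/printer1", "/.:x",
                              "hosts/printer1" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-40s -> %d\n", samples[i], classify_dce_name(samples[i], NULL));
    return 0;
}
```

Matching the prefix as a whole component keeps a name such as `/.:x` from being treated as local.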

· Access control list

Access to DCE namespace entries is determined by lists of entities that are attached through the DCE Security Service to both the entries and the objects when they are created. The lists, called access control lists, specify the privileges that an entity or group of entities has for the entry the ACL is associated with. The security service provides servers with authenticated identification of every entity that contacts them; it is then the server's responsibility to check the ACL attached to the object that the potential client wants to access, and perform or refuse to perform the requested operation on the basis of what it finds there. The ACLs are checked using security service library routines.

Objects in the GDS namespace have ACLs associated with them, but they are not security service ACLs.
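The server-side decision described above (take the authenticated identity, consult the ACL attached to the object, then perform or refuse) can be modelled as follows. This is an added example, not the DCE Security Service library routines: every type, function and sample principal is hypothetical, and combining the permissions of all matching entries is a simplifying assumption.

```c
#include <stdio.h>
#include <string.h>
/* Added illustration with hypothetical names; not the DCE security routines. */
enum { PERM_READ = 1, PERM_WRITE = 2, PERM_DELETE = 4 };
typedef enum { ENTRY_PRINCIPAL, ENTRY_GROUP } entry_type;
typedef struct { entry_type type; const char *name; unsigned perms; } acl_entry;
typedef struct { const acl_entry *entries; size_t count; } acl;
/* Identity as authenticated for the caller, never as claimed in the request. */
typedef struct { const char *principal; const char *const *groups; size_t ngroups; } identity;

static int in_group(const identity *id, const char *group)
{
    for (size_t i = 0; i < id->ngroups; i++)
        if (strcmp(id->groups[i], group) == 0) return 1;
    return 0;
}

/* Return 1 only if every wanted permission is granted; anything else is a
 * refusal. Simplification: permissions of all matching entries are combined. */
int acl_authorized(const acl *a, const identity *id, unsigned wanted)
{
    unsigned granted = 0;
    if (a == NULL || id == NULL || id->principal == NULL || wanted == 0)
        return 0;
    for (size_t i = 0; i < a->count; i++) {
        const acl_entry *e = &a->entries[i];
        if ((e->type == ENTRY_PRINCIPAL && strcmp(e->name, id->principal) == 0) ||
            (e->type == ENTRY_GROUP && in_group(id, e->name)))
            granted |= e->perms;
    }
    return (granted & wanted) == wanted;
}

/* Constructed sample data: the ACL attached to one printer entry. */
static const acl_entry printer_entries[] = {
    { ENTRY_PRINCIPAL, "alice", PERM_READ | PERM_WRITE | PERM_DELETE },
    { ENTRY_GROUP, "operators", PERM_READ | PERM_WRITE },
};
static const acl printer_acl = { printer_entries, 2 };
static const char *const bob_groups[] = { "operators" };
static const identity bob = { "bob", bob_groups, 1 };
static const identity mallory = { "mallory", NULL, 0 };

int main(void)
{
    printf("bob delete: %d, mallory read: %d\n",
           acl_authorized(&printer_acl, &bob, PERM_DELETE),
           acl_authorized(&printer_acl, &mallory, PERM_READ));
    return 0;
}
```

A missing ACL, an unauthenticated caller, or an empty permission request all fall through to refusal, so the operation runs only on an explicit grant.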

· Replication

The DCE Directory Service can keep replicas (copies) of its data on different servers. This means that if one server is unavailable, clients can still obtain information from another server.

· Caching

Both the CDS and GDS components of the directory service support caching of data on the client machine. When a client requests a piece of data from the directory service for the first time, the information must be obtained over the network from a server. However, the data can then be cached (stored) on the local machine, and subsequent requests for the same data can be satisfied more quickly by looking in the local cache instead of sending a request over the network. Programmers need to be aware of caching because in some cases you will want to bypass the cache to ensure that the data you obtain is as up-to-date as possible.