
The GDS Database

The GDS database is a hierarchical, object-oriented database. The OSF DCE reference implementation of GDS uses the C-ISAM database software. The information that makes up the Global Directory Service takes the following forms:

· Object Entry

An object entry is an entry in the database that names and describes an object, such as a person, machine, or server. It consists of one or more attributes, and each attribute has a type and a value. For example, an attribute type might be COMMON NAME (or CN) and the value might be snowpaws; another attribute might be of type MACHINE ADDRESS with the value 100.100.1.177. Some attributes may have more than one value. Each object entry has an attribute of type OBJECT CLASS, whose value specifies the object's class; the class in turn determines which other attributes the object entry has. The name of an entry consists of one or more of its attributes (see the following figure).

[Figure: GDS Object Entry]

· Relative Distinguished Name (RDN)

The name attribute of an object contains the object's Relative Distinguished Name. An RDN contains both the type and value of the naming attribute; for example, CN = snowpaws or MACHINE NAME = MachineA. (In DCE Directory Service notation, the type and value of an attribute are separated by an equal sign.)

· Distinguished Name (DN)

The Distinguished Name is the concatenation of the object's RDN and the RDNs of all its ancestors in the GDS naming hierarchy, like a full pathname for a file in a UNIX file system. An example of a DN might be /.../C=US/O=OSF/OU=DCE/CN=snowpaws. (In DCE Directory Service notation, the RDNs are separated by slashes.)

· Directory Information Base (DIB)

The Directory Information Base consists of all the object entries in all the Directory Service Agents in GDS.

· Directory Information Tree (DIT)

The Directory Information Tree is the structure of the GDS namespace; it determines the hierarchy of GDS names. For example, the DIT might specify that the only entries that can come directly under the DIT root are entries describing countries, such as /.../C=US or /.../C=JP.
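The DN and DIT descriptions above can be made concrete with a small parser. The following is an added example, not code from the OSF DCE documentation or from the GDS implementation; it assumes the DCE Directory Service notation shown on this page (a global prefix `/...`, RDNs separated by slashes, `TYPE=value` inside each RDN) and does not handle escaped separators inside attribute values. The DIT rule that only country entries may sit directly under the root is the one the page gives; the rules for the lower levels are constructed for the example, and all function names are the example's own.

```python
# Added example; not code from the OSF DCE documentation or the GDS
# implementation. It assumes the DCE Directory Service notation shown on
# the page: a global prefix "/...", RDNs separated by "/", and "TYPE=value"
# inside each RDN. It does not handle escaped separators inside values.
from typing import Dict, List, Optional, Set, Tuple

GLOBAL_PREFIX = "/..."          # marks a name as global (DCE notation)

Rdn = Tuple[str, str]           # (attribute type, attribute value)


def parse_rdn(rdn: str) -> Rdn:
    """Split one RDN such as 'CN=snowpaws' or 'CN = snowpaws' into (type, value)."""
    if "=" not in rdn:
        raise ValueError(f"RDN {rdn!r} lacks the '=' between type and value")
    attr_type, attr_value = (s.strip() for s in rdn.split("=", 1))
    if not attr_type or not attr_value:
        raise ValueError(f"RDN {rdn!r} has an empty type or value")
    return attr_type, attr_value


def parse_dn(dn: str) -> List[Rdn]:
    """Split '/.../C=US/O=OSF/OU=DCE/CN=snowpaws' into its RDNs, root-most first."""
    if not dn.startswith(GLOBAL_PREFIX + "/"):
        raise ValueError(f"DN {dn!r} must start with {GLOBAL_PREFIX}/")
    parts = dn[len(GLOBAL_PREFIX) + 1:].split("/")
    if any(part.strip() == "" for part in parts):
        raise ValueError(f"DN {dn!r} contains an empty RDN")
    return [parse_rdn(part) for part in parts]


def format_dn(rdns: List[Rdn]) -> str:
    """Inverse of parse_dn: join RDNs back into DCE notation."""
    return GLOBAL_PREFIX + "".join(f"/{t}={v}" for t, v in rdns)


def rdn_of(dn: str) -> Rdn:
    """The entry's own RDN is the last component of its DN."""
    return parse_dn(dn)[-1]


def ancestors(dn: str) -> List[str]:
    """DNs of every ancestor, nearest the root first (empty for a top-level entry)."""
    rdns = parse_dn(dn)
    return [format_dn(rdns[:i]) for i in range(1, len(rdns))]


# A DIT structure rule, as a map from parent attribute type to the attribute
# types allowed directly beneath it. None stands for the DIT root. The root
# rule (only countries directly under the root) is the one the page gives;
# the lower levels are constructed for this example.
DIT_RULES: Dict[Optional[str], Set[str]] = {
    None: {"C"},
    "C": {"O"},
    "O": {"OU", "CN"},
    "OU": {"CN"},
}


def dit_violation(dn: str,
                  rules: Dict[Optional[str], Set[str]] = DIT_RULES) -> Optional[str]:
    """Walk the DN from the root down; return a description of the first RDN
    that the structure rules do not permit, or None if the DN conforms."""
    parent: Optional[str] = None
    for attr_type, attr_value in parse_dn(dn):
        allowed = rules.get(parent, set())
        if attr_type not in allowed:
            where = "the DIT root" if parent is None else f"a {parent} entry"
            return f"{attr_type}={attr_value} may not appear directly under {where}"
        parent = attr_type
    return None


if __name__ == "__main__":
    dn = "/.../C=US/O=OSF/OU=DCE/CN=snowpaws"
    print("RDN:", rdn_of(dn))
    print("ancestors:", ancestors(dn))
    print("violation:", dit_violation("/.../O=OSF/CN=snowpaws"))
```

`ancestors()` makes the "full pathname" analogy literal: each prefix of the RDN list is itself the DN of an ancestor entry, and `dit_violation()` is the kind of check a DSA would apply before accepting a new entry at a position the DIT does not allow.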

· Directory Schema

The Directory Schema contains structuring rules for the GDS information. This includes object classes, their attributes, and their syntax.

· Authentication

The directory service supports simple user authentication using a name and password. In addition to simple authentication, GDS supports DCE authentication as a security method for accessing DSAs in the DCE environment. DCE authentication requires that both the users and the DSAs those users want to access are registered in the DCE registry; the extended attributes feature of the DCE registry is used for this purpose.

· GDS Access Control Lists

GDS internally uses access control lists, but GDS ACLs differ from other DCE ACLs: a GDS ACL specifies permission to access the object's attributes. Attributes are classified as PUBLIC, STANDARD, or SENSITIVE, and the object's ACL grants a user or group of users five different types of permission: modify PUBLIC attributes, read STANDARD attributes, modify STANDARD attributes, read SENSITIVE attributes, and modify SENSITIVE attributes. When a new object entry is created in the GDS directory, it inherits the security characteristics of its parent entry by default. An object entry's ACLs are themselves attributes of the object entry.
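The ACL rules in this section can be modelled directly. The following is an added example, not code from the OSF DCE documentation or from the GDS implementation: it encodes the three attribute classes, the five permission types, and the default inheritance of the parent's ACL when an entry is created. Treating a read of a PUBLIC attribute as always allowed is this example's reading of the page, which lists no permission for it. The principal names (`dir-admins`, `staff`, `alice`, `bob`, `guest`), the attribute classifications in the sample entries, and all class and function names are constructed for the example.

```python
# Added example; not code from the OSF DCE documentation or the GDS
# implementation. It models the GDS ACL rules stated on the page: attributes
# classified PUBLIC/STANDARD/SENSITIVE, five permission types, and a new
# entry inheriting its parent's ACL by default. Treating a read of a PUBLIC
# attribute as always allowed is this example's reading of the page (it
# lists no permission for it). Principal and attribute names are constructed.
from enum import Enum
from typing import Dict, Optional, Set


class AttrClass(Enum):
    PUBLIC = "PUBLIC"
    STANDARD = "STANDARD"
    SENSITIVE = "SENSITIVE"


# The five permission types named on the page.
PERMISSIONS = (
    "modify_public",
    "read_standard", "modify_standard",
    "read_sensitive", "modify_sensitive",
)


class GdsAcl:
    """Maps each permission type to the users and groups that hold it."""

    def __init__(self, grants: Dict[str, Set[str]]):
        unknown = set(grants) - set(PERMISSIONS)
        if unknown:
            raise ValueError(f"unknown permission type(s): {sorted(unknown)}")
        self.grants = {p: set(grants.get(p, ())) for p in PERMISSIONS}

    def copy(self) -> "GdsAcl":
        return GdsAcl({p: set(s) for p, s in self.grants.items()})


class ObjectEntry:
    """A GDS object entry: attribute name -> classification, plus its ACL.
    The page states the ACL is itself an attribute of the entry; here it is
    kept as a field on the entry object."""

    def __init__(self, dn: str, attributes: Dict[str, AttrClass],
                 acl: Optional[GdsAcl] = None,
                 parent: Optional["ObjectEntry"] = None):
        self.dn = dn
        self.attributes = dict(attributes)
        if acl is None:
            # Default at creation: inherit the parent's security characteristics.
            if parent is None:
                raise ValueError("a top-level entry needs an explicit ACL")
            acl = parent.acl.copy()   # a copy: later edits to the parent's ACL stay there
        self.acl = acl


def required_permission(op: str, cls: AttrClass) -> Optional[str]:
    """Which of the five permission types an operation on an attribute of the
    given class needs; None means none is needed (read of a PUBLIC attribute)."""
    if op not in ("read", "modify"):
        raise ValueError(f"unknown operation {op!r}")
    if cls is AttrClass.PUBLIC:
        return None if op == "read" else "modify_public"
    return f"{op}_{cls.value.lower()}"


def is_allowed(entry: ObjectEntry, user: str, groups: Set[str],
               op: str, attr_name: str) -> bool:
    """Decide whether `user` (a member of `groups`) may perform `op` on the
    named attribute of `entry`, according to that entry's ACL."""
    if attr_name not in entry.attributes:
        raise KeyError(f"{entry.dn} has no attribute {attr_name!r}")
    perm = required_permission(op, entry.attributes[attr_name])
    if perm is None:
        return True
    holders = entry.acl.grants[perm]
    return user in holders or not groups.isdisjoint(holders)


def build_sample_directory() -> Dict[str, ObjectEntry]:
    """Constructed sample: an organisation entry with an explicit ACL and a
    person entry beneath it that inherits that ACL by default."""
    org_acl = GdsAcl({
        "modify_public": {"dir-admins"},
        "read_standard": {"dir-admins", "staff"},
        "modify_standard": {"dir-admins"},
        "read_sensitive": {"dir-admins"},
        "modify_sensitive": {"dir-admins"},
    })
    org = ObjectEntry("/.../C=US/O=OSF", {"O": AttrClass.PUBLIC}, acl=org_acl)
    person = ObjectEntry(
        "/.../C=US/O=OSF/CN=snowpaws",
        {"CN": AttrClass.PUBLIC,                   # constructed classifications
         "MACHINE ADDRESS": AttrClass.STANDARD,
         "USER PASSWORD": AttrClass.SENSITIVE},
        parent=org,
    )
    return {"org": org, "person": person}


if __name__ == "__main__":
    person = build_sample_directory()["person"]
    for who, grp, op, attr in [("guest", set(), "read", "CN"),
                               ("guest", set(), "read", "MACHINE ADDRESS"),
                               ("alice", {"staff"}, "read", "MACHINE ADDRESS"),
                               ("alice", {"staff"}, "modify", "MACHINE ADDRESS"),
                               ("bob", {"dir-admins"}, "modify", "USER PASSWORD")]:
        print(f"{who:6} {op:6} {attr:16} -> {is_allowed(person, who, grp, op, attr)}")
```

The inheritance is implemented as a copy taken at creation time, so an ACL change made later on the parent does not silently widen access to existing children; whether a real deployment wants that or a live link is exactly the question an administrator should settle before relying on the default.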