EEC-681/781 Distributed Computing Systems
Lecture 9
Wenbing Zhao
wenbing@ieee.org
Cleveland State University
Fall Semester 2006
EEC-681: Distributed Computing Systems
2 Outline
• Naming and name resolution
• X.500 and LDAP
• Final due date for project proposal
– This Wednesday 11/8, midnight
– You will lose all the credit for the project if you miss this deadline
• Modified due date for project progress report
– 11/20 Monday, midnight
– No extension!
3 Naming
• Names play a very important role in distributed systems. They are used
– To share resources
– To uniquely identify entities
– To refer to locations
• Identifier: a name having the following properties:
– P1: Each identifier refers to at most one entity
– P2: Each entity is referred to by at most one identifier
– P3: An identifier always refers to the same entity (prohibits reusing an identifier)
4 Naming
• Name resolution: allows a process to access the named entity
– To operate on an entity, we need to access it at an access point
– Access points are entities that are named by means of an address
– A location-independent name for an entity E is independent of the addresses of the access points offered by E
• In a distributed system, the implementation of a naming system is itself distributed across multiple machines
5 Name Spaces
• Names in a distributed system are organized into a name space
• Name spaces offer a convenient mechanism for storing and retrieving information about entities by means of names
6 Name Spaces
• A name space can be represented as a labeled, directed graph with two types of nodes. Each node is considered an entity and is associated with an identifier
– A leaf node represents a (named) entity
– A directory node is an entity that refers to other nodes. A directory node contains a (directory) table of (edge label, node identifier) pairs
7 Name Spaces
• Root node: a node that has only outgoing and no incoming edges
• Path name: a path in a naming graph, written N:<label-1, label-2, …, label-n>
– N: the first node in the path
– Absolute path name: if N is the root, e.g. n0:<home, steen, mbox>
– Relative path name: if N is not the root
8 Name Spaces
• Attributes in a node describe aspects of the entity the node represents:
– Type of the entity
– An identifier for that entity
– Address of the entity's location
– Nicknames, ...
• Directory nodes can also have attributes, besides just storing a directory table with (edge label, node identifier) pairs
9 Name Resolution
• Name resolution: the process of looking up a name
– A name lookup returns the identifier of a node from where the name resolution process continues
• Example: resolve the path name N:<label-1, label-2, …, label-n>
– Resolution starts at node N, looks up label-1 in its directory table, and returns the identifier of the node to which label-1 refers
– Resolution continues at the identified node by looking up label-2 in its directory table, and so on
– Resolution stops when the node referred to by label-n is found, and the content of that node is returned
10 Merging Name Spaces
• Method 1: Path names of different name spaces are concatenated (URLs), e.g. ftp://ftp.cs.vu.nl/pub/steen/
– ftp: name of the protocol used to talk with the server
– ://: name space delimiter
– ftp.cs.vu.nl: name of a node representing an FTP server
– /: name space delimiter
– pub/steen/: name of a node in the name space rooted at the context node mapped to the FTP server
11 Merging Name Spaces
• Method 2: Introduce nodes that contain the name of a node in a "foreign" name space, along with the information on how to select the initial context in that foreign name space
– Mount point: (directory) node in the naming graph that refers to the other naming graph
– Mounting point: (directory) node in the other naming graph that is referred to
12 Merging Name Spaces
• Method 3: Use only full path names, in which the starting context is explicitly identified, and merge by adding a new root node
13 Implementation of Name Space
• Name space distribution
• Implementation of name resolution
– Iterative resolution
– Recursive resolution
14 Name Space Distribution
• Distributing nodes of the naming graph across multiple machines
– Distribute the name resolution process, and
– Distribute name space management
• A hierarchical naming graph:
– Global level: high-level directory nodes. These directory nodes have to be jointly managed by different administrations
– Administrational level: mid-level directory nodes. Each group can be assigned to a separate administration
– Managerial level: low-level directory nodes within a single administration
15 Name Space Distribution
• An example partitioning of the DNS name space, including Internet-accessible files, into three layers
16 Implementation of Name Resolution
• Each client has access to a local name resolver, which is responsible for ensuring that the name resolution process is carried out
• Two types of name resolution
– Iterative name resolution
– Recursive name resolution
17 Iterative Name Resolution
18 Recursive Name Resolution
19 Recursive Name Resolution
Recursive name resolution of <nl, vu, cs, ftp>. Name servers cache intermediate results for subsequent lookups.

Server for node | Should resolve | Looks up | Passes to child | Receives and caches | Returns to requester
cs | <ftp> | #<ftp> | -- | -- | #<ftp>
vu | <cs, ftp> | #<cs> | <ftp> | #<ftp> | #<cs>, #<cs, ftp>
nl | <vu, cs, ftp> | #<vu> | <cs, ftp> | #<cs>, #<cs, ftp> | #<vu, cs>, #<vu, cs, ftp>
root | <nl, vu, cs, ftp> | #<nl> | <vu, cs, ftp> | #<vu, cs>, #<vu, cs, ftp> | #<nl, vu>, #<nl, vu, cs, ftp>
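The two resolution styles from the slides, as an added example (not code from the lecture): a toy naming graph for <nl, vu, cs, ftp> in which each server holds one directory node's table. The server names and identifiers such as "#<nl>" are constructed for the demo; the recursive walk records what each server caches, the iterative walk shows that only the client's cache fills up.

```python
# Added example (not from the slides): recursive vs. iterative resolution
# of <nl, vu, cs, ftp> over a toy naming graph. Identifiers like "#<nl>"
# and the server names are constructed for this demo.

# Directory tables: server -> {edge label: identifier of the child node}
TABLES = {
    "root": {"nl": "#<nl>"},
    "#<nl>": {"vu": "#<vu>"},
    "#<vu>": {"cs": "#<cs>"},
    "#<cs>": {"ftp": "#<ftp>"},
}
# What each server has cached: path (tuple of labels) -> identifier
CACHES = {server: {} for server in TABLES}


def lookup(server, label):
    """One directory-table lookup; an unknown label ends the resolution."""
    try:
        return TABLES[server][label]
    except KeyError:
        raise LookupError("%s has no entry for label %r" % (server, label))


def resolve_recursive(server, path):
    """The server resolves `path` completely: it looks up the first label,
    passes the rest to that child and caches everything the child returns.
    Returns [(prefix, identifier), ...] for every prefix of `path`, which
    is what the server hands back to its own requester."""
    label, rest = path[0], path[1:]
    child = lookup(server, label)                     # looks up
    results = [((label,), child)]
    if rest:                                          # passes to child
        for sub_path, ident in resolve_recursive(child, rest):
            results.append(((label,) + sub_path, ident))
    CACHES[server].update(results)                    # receives and caches
    return results


def resolve_iterative(client_cache, path):
    """The client does the walk itself: each server answers only the one
    label it is asked about, so the servers cache nothing for the client."""
    server = "root"
    for i, label in enumerate(path):
        server = lookup(server, label)
        client_cache[path[: i + 1]] = server
    return server
```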
20 Iterative vs. Recursive Name Resolution
21 Directory Service
• Directory service: a special kind of naming service in which a client can look for an entity based on a description of properties instead of a full name
– Similar to the yellow pages
– X.500: the OSI directory service
22 The X.500 Name Space
Attribute | Abbr. | Value
Country | C | NL
Locality | L | Amsterdam
Organization | O | Vrije Universiteit
OrganizationalUnit | OU | Math. & Comp. Sc.
CommonName | CN | Main server
Mail_Servers | -- | 130.37.24.6, 192.31.231.66
FTP_Server | -- | 130.37.21.11
WWW_Server | -- | 130.37.21.11
23 X.500 Terminologies
• Distinguished name (DN): the name that (globally) uniquely identifies an entry in the directory
• A DN is made up of attribute=value pairs, separated by commas, for example:
– cn=Ben Gray, ou=editing, o=New York Times, c=US
– cn=Lucille White, ou=editing, o=New York Times, c=US
– cn=Tom Brown, ou=reporting, o=New York Times, c=US
24 X.500 Terminologies
• Relative Distinguished Name (RDN): uniquely identifies the object within its parent container
– For example, the RDN of a computer named mycomputer is CN=mycomputer
– Consequently, users cannot have the same name within an organizational unit
• Directory Information Base (DIB): collection of all directory entries
25 Directory Information Tree
• Part of the directory information tree
– Listing RDNs in sequence
– Supports two lookup operations
• Read
• List
• DN for host star:
– C=NL/O=VU/OU=MCS/CN=MS/Host_Name=star (Microsoft Active Directory style)
– Host_Name=star, CN=MS, OU=MCS, O=VU, C=NL (LDAP style)
26 X.500 Implementation
• Directory Service Agents (DSAs)
• Directory User Agents (DUAs)
• Searching in a directory service is in general an expensive operation
• Lightweight Directory Access Protocol (LDAP)
– Easier to use than OSI X.500
– An application-level protocol implemented on top of TCP, so LDAP is a connection-oriented protocol
27 LDAP
• Understanding and Deploying LDAP Directory Services, Second Edition
• By Timothy A. Howes, Ph.D., Mark C. Smith, Gordon S. Good
• Publisher: Addison Wesley Professional
• Pub date: April 28, 2003
• http://proquest.safaribooksonline.com/0672323168
28 LDAP Operations
• Bind: to start a connection with the LDAP server
– The client specifies the protocol version and the client authentication information
• Unbind: to terminate the connection with the LDAP server
• Search: used to search the directory
– The client specifies the starting point (base object) of the search, the search scope (either the object only, its children, or the subtree rooted at the object), and a search filter
– The search results consist of the LDAP entries (and the attributes requested) that satisfy the filter
29 LDAP Operations
• Modify: to modify an existing entry
– The client specifies the name of the entry to be modified and a list of modifications
– Each modification consists of an attribute and information regarding whether its values are to be added, deleted, or replaced
• Add: to add a new entry
– The client specifies the name of the new entry and a set of attributes for the new entry
• Delete: to remove an existing entry
– The client specifies the name of the entry to remove
30 LDAP Operations
• Modify RDN: to change the RDN of the last component of an existing entry (that is, to assign the entry a new name in the same context)
– The client specifies the DN for the entry and the new RDN
• Compare: to test whether an entry has an attribute/value pair
– The client specifies the name of the entry and the name and value to check
• Abandon: to terminate an outstanding request
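The DN/RDN terminology of slides 23 to 25 and the Add and Modify RDN operations above, as one added example (not code from the lecture): a small in-memory Directory Information Base keyed by normalized DNs. The entries are constructed sample data, and the parser is a simplification that does not handle RFC 4514 escaping (a comma inside a value).

```python
# Added example (not from the slides): an in-memory Directory Information
# Base (DIB). DNs are split into RDNs; Add and Modify RDN are modelled on
# a dict. Entries are constructed sample data; RFC 4514 escaping of
# special characters inside values is deliberately not handled.


def parse_dn(dn):
    """'cn=Ben Gray, ou=editing, o=New York Times, c=US' becomes
    [('cn', 'Ben Gray'), ('ou', 'editing'), ('o', 'New York Times'), ('c', 'US')].
    The first pair is the RDN; the remaining pairs name the parent context."""
    rdns = []
    for part in dn.split(","):
        attr, sep, value = part.strip().partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError("malformed RDN: %r" % part)
        rdns.append((attr.strip().lower(), value.strip()))
    return rdns


def join_dn(rdns):
    return ",".join("%s=%s" % (a, v) for a, v in rdns)


def to_x500(dn):
    """LDAP (leaf-first) form rewritten as the root-first slash form,
    like C=NL/O=VU/OU=MCS/CN=MS/Host_Name=star on the slides."""
    return "/".join("%s=%s" % (a.upper(), v) for a, v in reversed(parse_dn(dn)))


def normalize(dn):
    """Canonical dict key: names and values are compared case-insensitively."""
    return join_dn((a, v.lower()) for a, v in parse_dn(dn))


class DIB:
    def __init__(self):
        self.entries = {}                   # normalized DN -> {attr: [values]}

    def add(self, dn, attrs):
        key = normalize(dn)
        if key in self.entries:             # an RDN is unique within its parent
            raise KeyError("entry already exists: " + dn)
        self.entries[key] = {a.lower(): list(v) for a, v in attrs.items()}

    def modify_rdn(self, dn, new_rdn):
        """Modify RDN: rename the entry but keep it in the same context."""
        old = parse_dn(dn)
        new_dn = join_dn(parse_dn(new_rdn)[:1] + old[1:])
        if normalize(new_dn) in self.entries:
            raise KeyError("name already taken in this context: " + new_dn)
        self.entries[normalize(new_dn)] = self.entries.pop(normalize(dn))
        return new_dn
```

Real LDAP servers also add the new RDN value to the renamed entry's attributes; this model tracks only the DN.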
31 LDAP Schema
• LDAPv3 defines a schema (RFC 2252 and RFC 2256) based on the X.500 standard for common objects found in a network, such as countries, localities, organizations, users/persons, groups, and devices
• A directory schema specifies the types of objects that a directory may have and the mandatory and optional attributes of each object type
• Before a directory server stores a new or modified entry, it checks the entry's contents against the schema rules
• Whenever directory clients or servers compare two attribute values, they consult the schema to determine what comparison algorithm to use
32 LDAP Schema
• An LDAP schema consists of attribute types, attribute syntaxes, matching rules, and object classes
• Attribute types (or simply attributes) hold specific data elements such as a name or a business phone number
• Attribute syntaxes specify exactly how data values are represented
– Binary, DN, PrintableString, etc.
• Matching rules specify how to compare the values of different attribute types
– caseExactMatch, caseIgnoreMatch, booleanMatch, etc.
• Object classes are used to group related information
– An object class models a real-world object such as a person or a printer
– Each directory entry belongs to one or more object classes
• Attribute types, attribute syntaxes and object classes all require unique object identifiers (OIDs)
33 LDAP Schema
34 LDAP Schema Example
• LDAPv3 object class schema format
– ( OCOID NAME OCNAME [ DESC OCDESC ] [ OBSOLETE ] [ SUPOID ] [ OCKIND ] [ MUST REQATSET ] [ MAY ALLOWATSET ] )
• The standard person object class in LDAPv3 format
– ( 2.5.6.6 NAME 'person' DESC 'Standard Person Object Class' SUP 'top' STRUCTURAL MUST ( objectclass $ sn $ cn ) MAY ( description $ seeAlso $ telephoneNumber $ userPassword ) )
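The schema check described on slide 31 (a server validates an entry against the schema before storing it), applied to the object class definition above, as an added example (not code from the lecture or any LDAP server): a parser for the LDAPv3 object class format and a MUST/MAY check that follows the SUP chain. The 'person' definition is the one on the slide; its superclass 'top' is taken from RFC 2256.

```python
import re

# Added example (not from the slides): parse LDAPv3 object class definitions
# and check an entry against their MUST/MAY sets, as a server does before it
# stores an entry. 'person' is quoted from the slide; 'top' is from RFC 2256.
SCHEMA_TEXT = [
    "( 2.5.6.0 NAME 'top' ABSTRACT MUST objectClass )",
    "( 2.5.6.6 NAME 'person' DESC 'Standard Person Object Class' SUP 'top' STRUCTURAL "
    "MUST ( objectclass $ sn $ cn ) MAY ( description $ seeAlso $ telephoneNumber $ userPassword ) )",
]

def _attr_set(text, keyword):
    """Names listed after MUST/MAY: one name or ( a $ b ), lower-cased."""
    m = re.search(r"\b%s\s+(?:\(\s*([^)]*)\)|(\S+))" % keyword, text)
    if not m:
        return set()
    names = m.group(1) if m.group(1) is not None else m.group(2)
    return {n.strip().lower() for n in names.split("$")}

def parse_object_class(text):
    sup = re.search(r"\bSUP\s+'?([\w-]+)'?", text)
    return {"oid": re.match(r"\(\s*([\d.]+)", text).group(1),
            "name": re.search(r"\bNAME\s+'([^']+)'", text).group(1),
            "sup": sup.group(1) if sup else None,
            "must": _attr_set(text, "MUST"), "may": _attr_set(text, "MAY")}

def load_schema(texts):
    return {oc["name"].lower(): oc for oc in map(parse_object_class, texts)}

def allowed_attributes(schema, class_name):
    """MUST and MAY sets collected up the SUP chain (person -> top)."""
    must, may = set(), set()
    while class_name:
        oc = schema[class_name.lower()]
        must, may = must | oc["must"], may | oc["may"]
        class_name = oc["sup"]
    return must, may

def check_entry(schema, entry):
    """Schema violations for `entry` ({attr: [values]} with lower-case keys)."""
    must, may = set(), set()
    for class_name in entry.get("objectclass", []):
        m, a = allowed_attributes(schema, class_name)
        must, may = must | m, may | a
    problems = ["missing required attribute: " + a for a in sorted(must - set(entry))]
    problems += ["attribute not allowed by object classes: " + a
                 for a in sorted(set(entry) - must - may)]
    return problems
```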
35 Java Naming and Directory Interface (JNDI)
• JNDI is an application programming interface (API) that provides naming and directory functionality to applications written using the Java programming language
• It is defined to be independent of any specific directory service implementation
36 Java Naming and Directory Interface