
GDS Names

The operation of GDS is similar to that of CDS, but some important differences exist in the structure of names and the ways they can be looked up. Like CDS, GDS has a server process that provides access to and management of names. This process is called a Directory System Agent (DSA). The combined knowledge of all DSAs that participate in the same global directory service implementation is called the Directory Information Base (DIB). This collective knowledge is viewed as a single global directory consisting of many entries.

Information exists in the global directory in the form of a rooted hierarchy that is called a Directory Information Tree (DIT). The DIT is similar to a CDS namespace. However, unlike a namespace, which has no inherent rules regarding structure and content, the GDS hierarchy is influenced by a set of rules that is called a schema. Every X.500 DSA must define a standard schema to which all of the entries in its portion of the DIB conform.

Although the X.500 standard does not mandate a specific schema, it does make general recommendations that are based largely on existing X.400 standards for electronic mail. For example, countries and organizations should be named close to the root of the DIT; people, applications, and devices should be named further down in the hierarchy. GDS supplies a default schema that complies with these recommendations.

Every GDS entry has a distinguished name, which uniquely and unambiguously identifies that entry. The distinguished name consists of a sequence of valid Relative Distinguished Names (RDNs). Each RDN consists of one or more assertions of the type and value of an attribute at a particular position in the DIT. Attribute types indicate the nature of the information that is stored in the attribute value. A pair consisting of an attribute type and value is known as an Attribute Value Assertion (AVA). RDNs can have multiple AVAs. For example, the distinguished name

/C=us/O=osf/OU=branch1/CN=nollman,OU=doc-team

consists of four RDNs. The final RDN consists of two AVAs that are separated by a comma.

The following figure illustrates the concepts of RDNs and distinguished names and how they relate to the DIT. The figure shows the following:

· A DIT consisting of a hierarchy of schema-defined attribute types

· RDNs that result from assertions of an attribute type and value

· Distinguished names that result from a concatenation of the RDNs


RDNs and Distinguished Names

The shaded boxes in the DIT represent the entries that are named in the column labeled Relative Distinguished Name. The schema dictates that countries are named directly below the root, followed by organizations, organization units, and names of users. Each attribute value that makes up an RDN (and thus a distinguished name) is called a distinguished value.

As the rightmost column in the figure illustrates, the distinguished name of the entry at each level of the DIT is a concatenation of RDNs from the root of the global directory to that entry's level. The lowest entry in the hierarchy, /.../C=US/O=ABC/OU=Sales/CN=Smith, represents the name of a user, John Smith, who works in the sales division of ABC Company, an organization in the United States. The abbreviated attribute type labels stand for Country (C), Organization (O), Organization Unit (OU), and Common Name (CN).

Note that the figure shows the global DCE convention for distinguished names. Each distinguished name starts with the representation of the global root (/...). Attribute types and values are separated by equal signs, and RDNs are separated by slashes. These conventions for specifying names are not followed by all X.500 implementations. In addition, these conventions are only used at the GDS administration interface level. Internally, distinguished names are specified in other ways.
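The naming convention described above can be shown as a short parser. This is an added example, not part of the original documentation or of DCE itself; it splits an administration-interface name into RDNs and AVAs and rebuilds the distinguished name at each level of the DIT. The function names are illustrative, and the code assumes that values contain no escaped slash, comma, or equal sign.

```python
# Added example: parse the DCE administration-interface form of a GDS name.
# Assumption: attribute values contain no escaped '/', ',' or '=' characters.

GLOBAL_ROOT = "/..."


def parse_dn(name):
    """Return a list of RDNs; each RDN is a list of (type, value) AVAs."""
    if name.startswith(GLOBAL_ROOT + "/"):
        name = name[len(GLOBAL_ROOT):]      # drop the global root marker
    if not name.startswith("/"):
        raise ValueError("name must start at the root: %r" % name)
    rdns = []
    for component in name[1:].split("/"):   # RDNs are separated by slashes
        avas = []
        for assertion in component.split(","):  # AVAs within one RDN
            attr_type, sep, value = assertion.partition("=")
            if not sep or not attr_type.strip() or not value.strip():
                # A CDS-style component (no type=value pair) lands here.
                raise ValueError("not a type=value assertion: %r" % assertion)
            avas.append((attr_type.strip(), value.strip()))
        rdns.append(avas)
    return rdns


def format_rdn(avas):
    """Render one RDN back into its type=value[,type=value] form."""
    return ",".join("%s=%s" % ava for ava in avas)


def names_by_level(rdns):
    """Distinguished name of the entry at each DIT level, root downward."""
    names, prefix = [], GLOBAL_ROOT
    for avas in rdns:
        prefix += "/" + format_rdn(avas)
        names.append(prefix)
    return names


if __name__ == "__main__":
    for dn in ("/.../C=US/O=ABC/OU=Sales/CN=Smith",
               "/C=us/O=osf/OU=branch1/CN=nollman,OU=doc-team"):
        rdns = parse_dn(dn)
        print(dn, "->", len(rdns), "RDNs")
        for level in names_by_level(rdns):
            print("   ", level)
```

A CDS full name such as /.:/Admin/Personnel/Employee_DB is rejected by parse_dn, because its components are directory names rather than attribute type and value pairs.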

The structure of GDS names points out another important difference between GDS and CDS. A CDS name is distinct from its attributes; that is, it consists of a string of directory names ending with the simple name of the entry. In contrast, a GDS name consists solely of a series of attribute types and their values.

The following figure illustrates this difference in the construction of CDS and GDS names. The CDS full name /.:/Admin/Personnel/Employee_DB is the complete directory specification of an entry with the simple name Employee_DB. Attributes and their values are not a part of the CDS full name. The GDS distinguished name /.../C=US/O=ABC/OU=Sales is a concatenation of attribute types and values, one from each level of a DIT schema.


Comparison of CDS and GDS Names

GDS supports the ability to search for names by supplying the values of one or more attributes. This results in what is called descriptive naming; in a sense, users can describe the name they are looking for. Although the search capability is valuable, it can be expensive and time-consuming, so GDS allows users to restrict the scope of a search. Support for the search operation is limited to the GDS environment.