EEC-681/781 Distributed Computing Systems

EEC-681/781EEC-681/781Distributed Computing Distributed Computing

SystemsSystems

Lecture 9Lecture 9

Wenbing ZhaoWenbing [email protected]

Cleveland State UniversityCleveland State University

22

Fall Semester 2008Fall Semester 2008 EEC-681: Distributed Computing SystemsEEC-681: Distributed Computing Systems Wenbing ZhaoWenbing Zhao

OutlineOutline• Naming and naming resolution• X.500 and LDAP

33


NamingNaming

• Names play a very important role in distributed systems. They are used – To share resources– To uniquely identify entities– To refer to locations

• Identifier: A name having the following properties:– P1 Each identifier refers to at most one entity– P2 Each entity is referred to by at most one identifier– P3 An identifier always refers to the same entity

(prohibits reusing an identifier)

44


NamingNaming• Name resolution: allow a process to access the

named entity– To operate on an entity, we need to access it at an

access point– Access points are entities that are named by means

of an address– A location-independent name for an entity E, is

independent from the addresses of the access points offered by E

• In a distributed system, the implementation of a naming system is itself distributed across multiple machines

55


Name SpacesName Spaces

• Names in a distributed system are organized into a name space

• Name spaces offer a convenient mechanism for storing and retrieving information about entities by means of names

66


Name Spaces Name Spaces • A name space can be represented as a labeled, directed

graph with two types of nodes. Each node is considered an entity and associated with an identifier– A leaf node represents a (named) entity– A directory node is an entity that refers to other nodes. A directory

node contains a (directory) table of (edge label, node identifier) pairs

77


Name SpacesName Spaces• Root node: node has only outgoing and no incoming edges• Path name: a path in a naming graph

N:<label-1, label-2, …, label-n>– N: first node in the path– Absolute path name: if N is root, e.g., n0:<home, steen, mbox>– Relative path name: if N is not root

88


Name ResolutionName Resolution

• Name resolution: the process of looking up a name– A name lookup returns the identifier of a node from where the

name resolution process continues

• Example: Resolve the path nameN:<label-1, label-2, …, label-n>– Resolution starts at node N, looks up label-1 in directory table,

returns the identifier node to which label-1 refers– Resolution continues at the identified node by looking up the

name label-2 in its directory table, and so on– Resolution stops when the node referred to by label-n is found,

and the content of that node is returned

99


Merging Name SpacesMerging Name Spaces

• Method 1: Pathnames of different name spaces are concatenated (URLs) ftp://ftp.cs.vu.nl/pub/steen/ ftp Name of protocol used to talk with server :// Name space delimiter ftp.cs.vu.nl Name of a node representing an FTP server / Name space delimiter pub/steen/ Name of a node in the name space rooted

at the context node mapped to the FTP server

1010


Merging Name SpacesMerging Name Spaces• Method 2: Introduce nodes that contain the name of a

node in a “foreign” name space, along with the information how to select the initial context in that foreign name space

Mount point: (Directory) node in naming graph that refers to other naming graphMounting point: (Directory) node in other naming graph that is referred to.

1111


Merging Name SpacesMerging Name Spaces• Method 3: Use only full pathnames, in which the starting

context is explicitly identified, and merge by adding a new root node

1212


Implementation of Name SpaceImplementation of Name Space

• Name space distribution

• Implementation of name resolution– Iterative resolution– Recursive resolution

1313


Name Space DistributionName Space Distribution• Distributing nodes of the naming graph across

multiple machines– Distribute the name resolution process, and– Distribute name space management

• A hierarchical naming graph:– Global level: high-level directory nodes. These directory

nodes have to be jointly managed by different administrations

– Administrational level: Mid-level directory nodes. Each group can be assigned to a separate admin.

– Managerial level: Low-level directory nodes within a single administration

1414


Name Space DistributionName Space Distribution• An example partitioning of the DNS name space,

including Internet-accessible files, into three layers

1515


Implementation of Name ResolutionImplementation of Name Resolution

• Each client has access to a local name resolver, which is responsible for ensuring that the name resolution process is carried out

• Two types of name resolution– Iterative name resolution– Recursive name resolution

1616


Iterative Name Resolution Iterative Name Resolution

1717


Recursive Name Resolution Recursive Name Resolution

1818


Recursive Name Resolution Recursive Name Resolution

Recursive name resolution of <nl, vu, cs, ftp>. Name servers cache intermediate results for subsequent lookups

Server for node

Should resolve

Looks upPasses to child

Receives and caches

Returns to requester

cs <ftp> #<ftp> -- -- #<ftp>

vu <cs,ftp> #<cs> <ftp> #<ftp> #<cs>#<cs, ftp>

nl <vu,cs,ftp> #<vu> <cs,ftp> #<cs>#<cs,ftp>

#<vu>#<vu,cs>#<vu,cs,ftp>

root <nl,vu,cs,ftp> #<nl> <vu,cs,ftp> #<vu>#<vu,cs>#<vu,cs,ftp>

#<nl>#<nl,vu>#<nl,vu,cs>#<nl,vu,cs,ftp>

1919


Iterative vs. Recursive Name ResolutionIterative vs. Recursive Name Resolution

2020


Directory ServiceDirectory Service

• Directory service: a special kind of naming service in which a client can look for an entity based on a description of properties instead of a full name– Similar to yellow pages– X.500: OSI directory service

2121


The X.500 Name SpaceThe X.500 Name Space

Attribute Abbr. Value

Country C NL

Locality L Amsterdam

Organization O Vrije Universiteit

OrganizationalUnit OU Math. & Comp. Sc.

CommonName CN Main server

Mail_Servers -- 130.37.24.6, 192.31.231,192.31.231.66

FTP_Server -- 130.37.21.11

WWW_Server -- 130.37.21.11

2222


X.500 TerminologiesX.500 Terminologies

• Distinguished name (DN): the name that (globally) uniquely identifies an entry in the directory

• A DN is made up of attribute=value pairs, separated by commas, for example:– cn=Ben Gray,ou=editing,o=New York Times,c=US – cn=Lucille White,ou=editing,o=New York Times,c=US – cn=Tom Brown,ou=reporting,o=New York Times,c=US

• A DN is formed by the concatenation of selected attributes from each RDN in the tree along a path leading from the root down to the named entry

2323


X.500 TerminologiesX.500 Terminologies

• Relative Distinguished Name (RDN): uniquely identifies the object within its parent container– For example, the RDN of a computer named my

computer is CN=mycomputer– For example, users cannot have the same name

within an organizational unit • Directory Information Base (DIB): collection of all

directory entries

2424


Directory Information TreeDirectory Information Tree• Part of the directory

information tree – Listing RDNs in

sequence– Support two lookup

operations• Read• List

DN for host star: C=NL/O=VU/OU=MCS/CN=MS/Host_Name=star (Microsoft Active Directory style)Host_Name=start, CN=MS, OU=MCS, O=VU, C=NL (LDAP style)

2525


X.500 ImplementationX.500 Implementation

• Directory Service Agents (DSAs)• Directory User Agents (DUAs)• Searching in a directory service is in general an

expensive operation• Lightweight Directory Access Protocol (LDAP)

– Easier to use than OSI X.500– An application-level protocol implemented on top of TCP

=> LDAP is a connection-oriented protocol

2626


LDAPLDAP• Understanding and Deploying LDAP Directory

Services, Second Edition• By Timothy A. Howes - Ph.D., Mark C. Smith,

Gordon S. Good• Publisher: Addison Wesley Professional• Pub Date: April 28, 2003

• http://proquest.safaribooksonline.com/0672323168

2727


LDAP OperationsLDAP Operations• Bind: to start a connection with the LDAP server

– The client specifies the protocol version and the client authentication information

• Unbind: to terminate the connection with the LDAP server

• Search: Used to search the directory– The client specifies the starting point (base object) of

the search, the search scope (either the object only, its children, or the subtree rooted at the object), and a search filter

– The search results consist of LDAP entries (and the attributes requested) that satisfy the filter

2828


LDAP OperationsLDAP Operations

• Modify: to modify an existing entry– The client specifies the name of the entry to be

modified and a list of modifications– Each modification consists of an attribute and

information regarding whether its values are to be added, deleted, or replaced

• Add: to add a new entry– The client specifies the name of the new entry and a

set of attributes for the new entry• Delete: to remove an existing entry

– The client specifies the name of the entry to remove

2929


LDAP OperationsLDAP Operations

• Modify RDN: to change the RDN of the last component of an existing entry (that is, to assign the entry a new name in the same context)– The client specifies the DN for the entry and the new

RDN• Compare: to test whether an entry has an

attribute/value pair– The client specifies the name of the entry and the

name and value to check• Abandon: to terminate an outstanding request

3030


LDAP SchemaLDAP Schema

• The LDAP v3 defines a schema (RFC 2252 and RFC 2256) based on the X.500 standard for common objects found in a network, such as countries, localities, organizations, users/persons, groups, and devices

• A directory schema specifies the types of objects that a directory may have and the mandatory and optional attributes of each object type

• Before a directory server stores a new or modified entry, it checks the entry's contents against the schema rules

• Whenever directory clients or servers compare two attribute values, they consult the schema to determine what comparison algorithm to use

3131


LDAP SchemaLDAP Schema• A LDAP schema consists of attribute types, attribute

syntaxes, matching rules, and object classes • Attribute types (or simply attributes) hold specific data elements such

as a name, business phone number • Attribute syntaxes specify exactly how data values are represented

– Binary, DN, PrintableString, etc.

• Matching rules specify the rules to compare the values of different attribute types– CaseExactMatch, caseIgnoreMatch, booleanMatch, etc.

• Object classes are used to group related information– An object class models a real-world object such as a person, printer– Each directory entry belongs to one or more object classes

• Attribute types, attribute syntaxes and object classes all require unique object identifiers (OID)

3232


LDAP SchemaLDAP Schema

3333


LDAP Schema ExampleLDAP Schema Example• LDAPv3 Object Class Schema format

– ( OCOID NAME OCNAME [ DESC OCDESC ] [ OBSOLETE ] [ SUP SUPOID ] [ OCKIND ] [ MUST REQATSET ] [ MAY ALLOWATSET ] )

• The Standard person Object Class in LDAPv3 Format– ( 2.5.6.6

NAME 'person' DESC 'Standard Person Object Class' SUP 'top' STRUCTURAL MUST ( objectclass $ sn $ cn ) MAY ( description $ seeAlso $ telephoneNumber $ userPassword ) )

3434


Java Naming and Directory Java Naming and Directory Interface (JNDI)Interface (JNDI)

• JNDI is an application programming interface (API) that provides naming and directory functionality to applications written using the Java programming language

• It is defined to be independent of any specific directory service implementation

3535


Java Naming and Directory Java Naming and Directory InterfaceInterface

Documents

EEC-681/781 Distributed Computing Systems