April 21 and 23, 2007 (Lecture 31)


One of the most important problems in a distributed system is that of naming. In a large distributed system, objects need unique identifiers, e.g. names. The names need to be unique, yet because of scale, can't necessarily be assigned by a single authority. And, these names need to be well-known, or at least readily knowable. Without these properties, a distributed system is a world of disconnected islands, not a functioning community.

One of the most successful distributed systems of all time is the distributed system that manages names for the Internet, the Domain Name System (DNS). It is also an excellent example of a distributed Directory Service.

A directory service is nothing more than it sounds to be -- a service that allows one, given a key, to find an entity. More conventional directory services include the White Pages and the Yellow Pages. And that little black book...

DNS is a directory service that distributes the names of all of the hosts in the Internet across the entire Internet, and allows any host to look up any other host's IP address by name, or vice-versa.

And, I can't begin to tell you how much of an improvement this is over the old system -- which, believe it or not, was to register new systems with a central authority that added them to a long plain-text list. Then, periodically, you downloaded a copy of this list and updated the copy on your system. Ouch!

Names vs. IP Addresses

The Pieces

The Name Space

Top Level Domains

Primary and Secondary Name Servers

Root Name Servers

Iterative Queries

Recursive Queries


Pointer Queries

Resource Records

X.500 and LDAP

DNS is an effective directory service -- but it only solves one very small slice of the pie. It handles DNS queries, and nothing else. It holds DNS information and (almost) nothing else. X.500 is a directory service designed to solve the more general problem.

It is a standard in the sense that it is defined by ITU and OSI. Its specification reads more-or-less like a network protocol, and leaves the implementation to the implementor. Instead, only the interfaces and behaviors are specified.

My point in discussing it isn't to go into a detailed discussion of yet another "standard by abbreviation-enabled committee". Instead it is just to observe its similarity in design to DNS and to reinforce the idea that DNS is, in my estimation, the most successful distributed system, ever -- and a great system to consider as a model.

The collection of information stored in the X.500 space is known as the Directory Information Base (DIB). This information is organized in the form of a distributed tree known as the Distributed Information Tree (DIT). The nodes of this tree are the X.500 servers run by various organizations. These servers are known as Directory Service Agents (DSAs). Clients are, no surprise, known as Directory User Agents (DUAs).

The DIT, which is composed of the DSAs, is organized much as DNS is. It is distributed among the hosts, and has an unnamed root. Much as DNS uses dot-separated hierarchical names, X.500 uses hierarchical names written in a notation similar to a URL or directory path. The name is the path from the root to the node. This graph is more-or-less a hierarchical tree, which begins with the unnamed root, then moves to the country, then the organization, then the division, and so on.

Each record consists of a collection of attributes and values. The type of each attribute must be specified, and must be one of the many defined by the standard. A search is completed by searching the appropriate node of the tree -- the node named by the full path.
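To make the "name is the path from the root" idea concrete for both the DNS name space and the X.500 DIT described above, here is an added example (not code from the lecture notes) that models one in-memory hierarchical directory and resolves a dot-separated DNS name and a root-first X.500 path against it by walking from the unnamed root one label at a time, recording each server it is referred to. All server names, addresses and attribute values are constructed for the example; the X.500 path is written root-first as the notes describe it (LDAP's string form writes it leaf-first).

```python
from dataclasses import dataclass, field

@dataclass
class Node:
    """One node of the tree: the server authoritative here, its records, and delegations."""
    server: str                                    # constructed server name (name server / DSA)
    records: dict = field(default_factory=dict)    # attribute -> value held at this node
    children: dict = field(default_factory=dict)   # label -> child Node (a delegation if server differs)

def dns_labels(name: str) -> list:
    """'www.cs.example.edu.' -> ['edu', 'example', 'cs', 'www'] (root first, case-folded)."""
    return [label.lower() for label in reversed(name.rstrip(".").split("."))]

def x500_labels(path: str) -> list:
    """'c=US, o=Example University, ou=CS' -> ['c=US', 'o=Example University', 'ou=CS'] (root first)."""
    return [part.strip() for part in path.split(",") if part.strip()]

def resolve(root: Node, labels: list):
    """Iterative walk from the unnamed root.

    Returns (records, servers_consulted); records is None when any label is missing,
    so an unknown name yields a clean negative answer rather than an exception."""
    node, consulted = root, [root.server]
    for label in labels:
        node = node.children.get(label)
        if node is None:
            return None, consulted
        if node.server != consulted[-1]:     # crossed into another server's zone: a referral
            consulted.append(node.server)
    return node.records, consulted

# Constructed directory: the same tree shape serves DNS-style and X.500-style names.
ROOT = Node("root-server", children={
    "edu": Node("edu-tld-server", children={
        "example": Node("ns.example.edu", children={
            "cs": Node("ns.cs.example.edu", children={
                "www": Node("ns.cs.example.edu", records={"A": "192.0.2.10"}),  # TEST-NET address
            }),
        }),
    }),
    "c=US": Node("dsa.us", children={
        "o=Example University": Node("dsa.example.edu", children={
            "ou=CS": Node("dsa.example.edu", records={"telephoneNumber": "+1 555 0100"}),
        }),
    }),
})

if __name__ == "__main__":
    print(resolve(ROOT, dns_labels("www.cs.example.edu.")))
    print(resolve(ROOT, x500_labels("c=US, o=Example University, ou=CS")))
```

The second element of each result is the chain of referrals a client following iterative queries would have seen; a lookup of a name that is not in the tree stops at the last server that could be reached and returns None.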

The Lightweight Directory Access Protocol (LDAP) is an interface to X.500 which, directly and by definition, relies on TCP/IP. And, as indicated by the name, it is "lightweight" -- it eliminates much of the bulk that resulted from satisfying "the committee".

Although LDAP was designed to provide a nice interface to X.500, it can technically be used with any database that provides the minimal functionality that it needs and that has a compatible interface.

These days, LDAP is probably best known for university faculty/staff/student directory services and OS login databases.