Introduction to NDS Development

1
Introduction to NDS Development
2
Why Are You Here?

• There are a gazillion users on different
  directory services
• What are the different directory services about
  and how are you going to develop code that can
  make use of them?

3
QuestionIn Your Application, Do You

• 1. Have your own information store?
• 2. Have your own security infrastructure?
• 3. Have a service locator?
• 4. Have your own management tool?

4
What Kinds of Solutions?

• Directory enabled solutions
• Single login for in-house applications
• Extend the directory for application use
• Add date-of-birth and shirt size to user
• Secure, centralized storage of information
• Network administration applications
• Limit functionality for certain administrators
• User interface of your own design

5
Agenda

• Directory overview
• X.500
• Lightweight Directory Access Protocol (LDAP)
• Novell Directory Services (NDS)

6
Agenda (cont.)

• Developer interfaces
• C interfaces
• ActiveX
• Active Directory Services Interface (ADSI)
• Java Naming Directory Interface (JNDI)
• JavaBeans
• Open Database Connectivity (ODBC)
• NetBASIC
• developer.novell.com/ndk/devenvir.htm

7
Directory API Overview
Application
USER
Bean
ActiveX
NMX
ODBC
NCA
RAD
JNDI
ADSI
CORBA
OBJECT
NDS API
LDAP
C APIs
DIRECTORIES
NDS
DNS
NIS
8
What Is a Directory?
9
The Directory Organizes Information

• Client computers
• Applications
• Network users
• Networked devices

10
What Is NDS?

• Based on X.500 standards
• Proven global object repository
• Cornerstone of Novell's Full Service Intranet
  offering

11
Full Service IntranetForrester Research March
1996

• Directory
• Network management
• E-mail
• File
• Print

12
What Is a Directory Enabled Application?

• An application which uses or contributes to the
  collection of information stored in the directory
• Applications that require user lists
• Resource management
• Backup software
• Access control (security)
• Service location
• Extensible application

13
Why Use a Directory?

• Why use NDS?
• Why build directory enabled applications?

14
For the System Administrator and Network Users

• Provides access to global resources
• Hierarchical directory tree
• One login, one password
• Simple, powerful administration

• Distributed and replicated database
• Flexible
• Scaleable
• Secure
• Inter-operable

15
For the ISV/Corporate Developer

• More valuable applications
• Uses an existing global directory
• Leverages security infrastructure of directory
• Fault tolerant and reliable data store
• Scaleable
• Extensible
• Existing installed base

16
For the ISV/Corporate Developer (cont.)

• Less support, development, administration costs
• Developers should spend their time developing
  their key technologies and not reinventing an
  already established proven technology

17
For Enhanced Application Solutions

• Single sign-on
• Single point of administration
• Shared object repository
• Service location

18
X.500 Directory System Agent
DAP
DSA
DSA
Directory user
DSA
DUA
The directory
DAP
19
X.500 Directory Information Tree
Distinguished name of entry
RDN of entry
null CountryGB CountryGB Organization
Big PLC CountryGB OrganizationBig
PLC Organizational UnitSales, Location Swindon
null CountryGB OrganizationBig
PLC Organizational UnitSales, LocationSwindon

Relative Distinguished Name
20
X.500 Directory Information Model
DIB
entry
entry
entry
entry
entry
...
User
attribute
attribute
...
attribute
TelephoneNumber
attribute type
attribute value(s)
TelephoneNumber2
attribute value
distinguished attribute value
...
attribute value
555-1234,555-4321
21
NDSX.500 Compliant?

• Directory system agent
• Directory information tree
• Information model
• Directory access protocol
• Communication layers

22
X.500 DAP Overview

• Connection operations
• Bind
• Unbind

23
X.500 DAP Overview (cont.)

• Interrogation operations
• Read
• Compare
• List
• Search
• Abandon

24
X.500 DAP Overview (cont.)

• Modification operations
• AddEntry
• RemoveEntry
• ModifyRDN
• ModifyDN
• ModifyEntry

25
NDS API Overview
Client
NetWare 4.X server
Local setup
Send request
Process reply
Process results
26
Directory Access Control
Who has rightsto me and myattributes?

• Access control

NDS user object
27
Directory Access Control (cont.)

• Directory access control is enforced through ACLs
• The access control list is a multi-valued
  attribute that every object in the tree has

28
Directory Access Control (cont.)

• Access control operations
• NWDSModifyObject()
• This function is used to assign or remove ACL
  rights
• NWDSRead()
• This function can be used to view the ACL values
• NWDSGetEffectiveRights()
• This function is used to calculate a subject's
  effective rights for an object or an object's
  attribute
• (Note public rights)

29
What Is The NDS Schema?

• The schema defines the types of information that
  can be stored in the directory database
• The directory schema is built of three major
  components
• Object classes
• Attribute types
• Attribute syntax

30
NDS Schema Object Classes

• Object class components define the type of
  objects that can exist in the directory and are
  composed of the following
• Structure rules (named by and containment)
• Super classes
• Mandatory attributes
• Optional attributes

31
NDS Schema Object Class Components

• Structure rules
• Define the structure relationship of objects
  within the NDS tree
• Super classes
• Designate the structure of the schema itself, not
  the directory tree
• The complete definition of each object class is
  derived from the components of the object class
  itself plus the components of all classes found
  in its super class lineage

32
NDS Schema Structure
Non-effective
Top
Effective
Device
Effective
Computer
33
NDS Schema Object Class Components

• Mandatory and optional attributes
• Mandatory
• An instance of the object class cannot be created
  in the directory unless values for the mandatory
  attributes are supplied upon creation
• Optional
• Non-essential attributes
• Values can be added at object creation or
  subsequent to creation of the object

34
NDS Attribute Class Components

• Attribute syntax
• Define the type of data stored in the directory
• The syntax also defines the matching rules
• Attribute types
• The attribute types are defined by the attribute
  flags (constraints on the attribute)
• Public read
• Multi-valued vs. single valued
• Sync immediate

35
What is LDAP?

• Proposal by the University of Michigan designed
  to relieve the overhead and relative complexity
  of DAP
• umich.edu/cgi-bin/ldapman?3cldap

36
Benefits of LDAP Services for NDS

• NDS is exposed for LDAP
• Novell LDAP provider supports LDAP v3
• Increased security over LDAP v2
• Management tool
• Use NDS as your directory for your LDAP compliant
  applications
• Run existing LDAP compliant applications on NDS

37
Why RAD Programmers?

• Highly productive segment
• Three to five million developers today
• RAD development gaining popularity today
• Integrate with off-the-shelf components
• Easy to learn
• Faster development cycle times

38
What is a RAD Component?

• An encapsulated, abstracted unit of functionality
  that acts as a building block for a RAD builder
  or scripting language
• Method and property interface
• Outgoing event interface
• User online help interface

39
RAD Component Market

• ActiveX controls
• Large market for 16 bit VBX controls
• ActiveX controls represent an even larger market
• Supported by all visual builders

40
Run in the Web Browser

• JavaBeans
• Component standard of the future
• Same benefits as ActiveX
• Cross platform controls
• Beans will be 'bridged' to ActiveX
• New bean builder tools all the time

41
Novell's ActiveX Development Goals

• Surface all Novell services
• Consistent higher level of abstraction
• Useable from all popular RAD tools
• Useable in Internet web pages
• Useable in NetWare scripting

42
Novell's JavaBean Development

• Novell is committed to beans
• Build beans on open class libraries
• Can the beans as ActiveX controls
• Can download
• developer.novell.com

43
Java Naming and Directory Interface (JNDI)
44
Benefits of Java

• Platform neutrality
• Compact format
• Code reliability
• Object oriented
• Extensibility of language in binary form

45
Why Is Java Important to Novell?

• What does Novell do for Java?
• Huge existing installed base
• Credibility for Java services
• What does Java do for Novell?
• More application developers
• Pull more Novell products

46
JNDI Overview

• An API specified in Java that provides directory
  and naming functionality to applications written
  in Java
• It is defined, similarly to ADSI, to be
  independent of any specific directory service
  implementation
• java.sun.com/products/jndi/index.html

47
Goals and Design Principles of JNDI

• Adhere to and preserve the object-oriented nature
  of Java
• Hierarchical API structure to minimize complexity
• Use strong and consistent typing wherever
  possible
• Implemented over prevalent directory and naming
  service interfaces and protocols
• Directory plug-in capability behind JNDI

48
Q A