Directory Services for Linux in comparison with Novell NDS and Microsoft Active Directory

Here you'll find the online version of my thesis which I wrote to obtain the degree of ``Diplom-Informatiker'' at the RWTH Aachen. It was done during my time at the DFN Directory Services located at Tübingen University Computing Centre.

Abstract

Directory services are designed and developed for managing different aspects of modern computer networks. In this thesis, the use of directory services as central authentication backend and repository for provisioning email applications is presented and analysed with regard to its resource requirements. The following products are evaluated in this context IBM SecureWay Directory, Messaging Direct M-Vault, Microsoft Active Directory, Netscape Directory Server, Novell eDirectory, and OpenLDAP.

On the subject of centralized authentication, a detailed analysis of the SASL protocol and the GSSAPI authentication mechanism as implemented in directory products is given. SASL GSSAPI allows the use of a Kerberos 5 network authentication infrastructure in different application layer protocols.

As a sample application, a directory service for bibliographical information is presented. A directory schema based on the BiBTeX format is defined and a web-frontend is implemented as a Java Servlet.

Online Document

hyperlinked PDF file
HTML version (graphics are still missing; I'm having a few problems with ldatex2html)
source code and samples
ZIP archive of source code and samples
bookmarks collected during the work on this thesis

Errata

Appendix A, page 73: "two-byte Unicode (UCS-2) representation in network byte order (little endian)". Network byte order is actually big endian. However, values of unicodePwd attribute type are encoded in little endian order. [Noticed by Alain Richard]

If you have any questions or remarks, feel free to contact me at norbert.klasen@daasi.de.