September 14, 2011

Directory and File System ... differences, similarities

As is commonly the case with many technologies, it seems LDAP products suffer from a really bad image. They are perceived as obsolete servers that are both convoluted, inadequate as general purpose stores and instead are purpose built for certain "niche" use-cases because the data layout is hierarchical and thus, weird. File systems are almost always hierarchical but somehow do not suffer from the same perception.

Let me try to draw a parallel between a file system -you know, this place where you trustfully organize all your work documents, your family pictures and other music files- and a good old LDAP Directory Server.

  • the structure is the same: it's a tree!

Above, Microsoft Windows folders (on NTFS)
Below, LDAP entries (UnboundID Directory Server

  • items can be manipulated the same way!

  • in LDAP, every object can have children. That is, it's like every file could also be a folder.
  • in LDAP, every object is characterized by a class. It is like the file type, except that a class can inherit characteristics from a parent class. Imagine that a WORD 2007 document inherited characteristics that are common to other documents like say, a revision number. Now another document, say an Excel spreadsheet could also have a revision number even though the word and excel documents contents are very different in nature, they share some characteristics that can be described in a common "structure". That's in essence what the hierarchy of object classes achieve.
  • In a file system, files can be journaled or revisioned. I don't know of any LDAP server supporting this as-is but LDAP servers usually have some sort of a changelog that can keep track of data changes for some time. This usually allows strong replication, resolution of conflicts and repairing most administrative errors with respect to data handling. Think of it as an integrated time machine.
  • LDAP allows extra mechanisms than a file system does, a big one is a strong authentication system that has effectively made Directory servers prime candidates for ... Operating system (and thus file system) authentication
  • LDAP supports grouping mechanisms
This is obviously not completely exhaustive but at least it gives you an idea of the similarities between the contents of an LDAP server and those of a file system and how to manipulate them: pretty much the same thing, just called different.

No comments:

Post a Comment