The use of LDAP in the PSE project


The following document describes the use of the Lightweight Directory Access Protocol in the Problem Solving Environment Project (PSE). The PSE project, spearheaded by the Indiana University Computer Science Department, seeks to create a component environment in which distributed software modules can interact seamlessly. An LDAP database is used to store metadata about the machines, people, and software modules associated with the project.

LDAP is a protocol for accessing online directories. LDAP directories, like file system directories, resemble trees with a root at the top and leaves at the bottom. An LDAP directory tree (DIT) is populated with entries. Each entry contains several attributes, each of which contains one or more values. The attributes that each entry possesses are defined in a simple class-definition language. Each entry is uniquely identified by one of its attribute/value pairs (called the relative distinguished name or RDN) and the RDNs of all its ancestors. This unique name is called an entry's distinguished name (DN). The distinguished name of an entry corresponding to a person might look like:

cn=Andrew Whitaker,ou=Computer Science,o=Indiana University,c=US

cn stands for "common name"; ou stands for "organizational unit"; o stands for "organization"; c stands for "country".

LDAP is based on the OSI X.500 protocol, but is much simpler and runs over TCP/IP.

The directory structure for the PSE project was initially implemented using the University of Michigan LDAP server, but could be easily ported to any LDAP-compliant database such as the Netscape Directory Server. The LDAP attribute and class extensions used by the PSE are available.

Directory Structure

The PSE directory tree has two components: a permanent foundation that client-side applications can rely on when making queries, and the "real" data that is contained in the sibling leaves. The data in the database is broken into four broad resource categories: software, physical (including machines), human, and resource managers. Some of these categories are broken down further. For example, software components are broken into sub-categories such as Solvers and Filters.

The software resource category contains entries pertaining to software components without regard to any particular host. The attributes defined for all software component entries include common name, type (native executable, Java class file, Perl script, etc.), and a list of machines where the component is installed. Optional attributes include a README, a description of the parameters and outputs, the author's name, and the version number.

The physical resource category contains entries describing hardware associated with the PSE project. It currently contains only machine information, but could be expanded to include other information (printers, disk drives, etc.). Each machine entry contains the manufacturer, the model, the operating system, the host name, the proxy that has jurisdiction over the machine, and a list of modules that can run on the machine. It can also contain static machine specs such as RAM and processor speed.

The human resource category contains entries describing people associated with the PSE project. It is currently empty.

The resource managers category contains entries that describe entities that manage resources in the PSE. Currently, this directory contains entries describing proxies. Proxies are daemons that can spawn processes remotely in lieu of rsh. Each proxy contains a host name and a list of machines over which the proxy has jurisdiction.

A powerful feature of LDAP is that it allows attribute values to be the distinguished names of other entries. This allows an entry to reference another entry by its distinguished name. This is important for the PSE because information contained at the leaves never needs to be duplicated. For example, when a client performs a query to obtain a list of machines, she can easily obtain information about the components that run on those machines by dereferencing the list of component distinguished names.
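
The dereferencing described above, as an added example that is not code from the PSE project: an in-memory stand-in for the directory, written in Python rather than the project's JNDI, that follows DN-valued attributes from a component to its machines and on to their proxies. The suffix o=PSE, the entry names and the attribute names installedOn, proxy and hostName are assumptions, not the PSE schema; DNs are normalized before comparison, and references whose target entry is missing are returned separately instead of failing.

```python
import re

def parse_dn(dn):
    """Normalize a DN into a tuple of (type, value) RDN pairs, leaf first."""
    rdns = []
    # Split on unescaped commas; multi-valued RDNs ("+") and "\\," are not handled.
    for part in re.split(r"(?<!\\),", dn):
        attr, sep, value = part.strip().partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError(f"malformed RDN {part!r} in {dn!r}")
        # Compare case-insensitively and ignore spaces around separators.
        rdns.append((attr.strip().lower(), value.strip().lower()))
    return tuple(rdns)

class Directory:
    """In-memory stand-in for the LDAP server, keyed by normalized DN."""
    def __init__(self):
        self.entries = {}

    def add(self, dn, **attrs):
        self.entries[parse_dn(dn)] = {"dn": dn, **attrs}

    def deref(self, dn, attr):
        """Follow a DN-valued attribute; return (entries found, dangling DNs)."""
        found, dangling = [], []
        for ref in self.entries[parse_dn(dn)].get(attr, []):
            target = self.entries.get(parse_dn(ref))
            if target is None:
                dangling.append(ref)  # reference to an entry that is not present
            else:
                found.append(target)
        return found, dangling

def build_sample():
    """Constructed sample data; suffix, entry and attribute names are hypothetical."""
    d = Directory()
    d.add("cn=LinearSolver,ou=Solvers,ou=Software,o=PSE", type=["Java class file"],
          installedOn=["cn=hostA, ou=Machines, ou=Physical, o=PSE",
                       "cn=hostB,ou=Machines,ou=Physical,o=PSE"])
    d.add("CN=hostA,OU=Machines,OU=Physical,O=PSE", hostName=["hosta.example.org"],
          proxy=["cn=proxy1,ou=Proxies,ou=Resource Managers,o=PSE"])
    d.add("cn=proxy1,ou=Proxies,ou=Resource Managers,o=PSE", hostName=["proxy1.example.org"])
    return d

def proxies_for_component(d, component_dn):
    """Component -> machines -> proxies, without copying any leaf data."""
    machines, dangling = d.deref(component_dn, "installedOn")
    proxy_hosts = []
    for machine in machines:
        proxies, missing = d.deref(machine["dn"], "proxy")
        dangling += missing
        proxy_hosts += [p["hostName"][0] for p in proxies]
    return proxy_hosts, dangling
```
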

Database Access

Database queries are made using the Java Naming and Directory Interface (JNDI). This provides seamless interoperability with the Java-based PSE user interface. Andrew Whitaker developed a small Java directory access package that abstracts the process of formulating LDAP queries away from the user interface designer.

Another Java module called the Information Sub-System ( ) formulates LDAP queries to satisfy certain standard operations: searching for a list of proxies, obtaining the path of an executable component, etc.

Last Update: 7/6/98
Andrew Whitaker