DBIS: Directory-Based Information Services
Mark R Bannister
Abstract
DBIS is a set of new internet drafts and a working reference implementation to be used in place of NIS or RFC2307. It is designed to improve upon RFC2307 and remove some of its compatibility issues, and to introduce a standard set of enterprise-class features while encouraging interoperability between commercial authentication products.
RFC2307 describes how to represent NIS map data within LDAP. There are a number of pain points encountered by large enterprises when attempting to use the standard to represent their data. The client configuration is de-centralised and vendor-specific. There is typically no API (only an NSS library), meaning that applications which need access to map data not otherwise available through NSS also have their own configuration and LDAP communication. Features required by large enterprises to manage domain complexity at scale are not addressed by the standard. Vendor products that introduce these features are rarely interoperable or interchangeable, leading to vendor lock-in.
DBIS has a modular, extensible design with a centralised client configuration. Maps can be joined from multiple locations in the DIT, and hosts can have different “views” of a map. DBIS supports data transformation rules and overlays, and improves netgroups with hierarchical application roles modelled through “netservices”, intended to reduce the complexity and increase the auditability of large netgroup maps. The DBIS reference implementation also provides a caching daemon, command-line tool and Python API that can be used for efficiently querying all maps, not just those supported by the NSS library.
Biography
Mark R. Bannister has worked as an enterprise I.T. consultant for 14 years after forging his influences in software development and systems administration in the 1990s. His early interest in assembly languages, formed as a teenager through games programming, flourished into a core love of UNIX (chiefly Solaris) and C programming, and later developed into an architectural interest in high availability, storage, information and directory systems.
Mark has invented a number of free software products over the years, including the PROSE Programming Language, a programming environment implemented on an LDAP-style object model which he has been developing in his spare time since 2001; the yp2ldap NIS-to-LDAP translation tools; and the DBIS Reference Implementation, which follows on from his work on a set of 7 new IETF internet drafts. This is the first time that Mark has spoken at a conference about any of his Open Source initiatives.
Presentation
DBIS Presentation – slides
DBIS Paper – paper