
Corporate.Net Workshop
LDAP: The Internet's Latest Great Protocol Experiment
By Dan Backman
The great experiment-turned-commercial-success--the Internet--is the laboratory for new networking protocols and technologies. The Internet is successful in part because of its use of standardized protocols that bridge the gap between multiple computing platforms. And these open protocols are the key to its continued success.
The latest concoction out of the test tube is the Lightweight Directory Access Protocol (LDAP). Touted as a directory cure-all, LDAP is causing vendors to scramble to incorporate some form of LDAP support into their operating systems and Internet services. Driven by the promise of raising the lowest common denominator of interoperability on the Internet, the true experiment behind LDAP involves determining whether a common directory access protocol will help to bring about a standardized global directory service.
With the testing we've done so far, LDAP has the potential, but must first overcome some hurdles, such as industry acceptance, application support and application interoperability.
A Directory Service by Any Other Name
LDAP is a directory access protocol, not a directory service in itself. LDAP is the leading candidate to raise the bar of interoperability between IP applications. Today, the lowest common denominator of interoperability between IP applications is the network or transport layer, in other words, TCP/IP. But to share configuration or authentication information, applications must rely on proprietary protocols. LDAP directories promise to provide the glue that binds applications and servers into a cohesive network service. It may sound ambitious, but proprietary directory services already fill critical gaps in administration, authentication and resource-locating services.
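Because LDAP is only an access protocol, it is worth seeing what an application actually puts on the wire when it authenticates against a directory. The following is an added example and not code from this article: it hand-encodes and decodes an LDAPv3 simple BindRequest using the BER/ASN.1 layout from the LDAP specification (LDAPMessage SEQUENCE, messageID INTEGER, BindRequest tagged APPLICATION 0, the simple credential tagged context-specific 0). The message ID, distinguished name and password are constructed sample values. The decoder exists to make the point a practitioner should not miss: a simple bind carries the password as a plain OCTET STRING, so anyone on the path reads it unless the session is protected by TLS or a SASL mechanism.

```python
"""Added example (not from the article): BER-encode and decode an LDAPv3
simple BindRequest with the standard library only. The DN, password and
message ID used in __main__ are constructed sample values."""


def ber_len(n: int) -> bytes:
    """BER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag: int, value: bytes) -> bytes:
    """One tag-length-value element."""
    return bytes([tag]) + ber_len(len(value)) + value


def ber_int(n: int) -> bytes:
    """INTEGER in minimal two's-complement form (enough for IDs and versions)."""
    if n == 0:
        return tlv(0x02, b"\x00")
    size = (n.bit_length() + 8) // 8  # leave room for the sign bit
    return tlv(0x02, n.to_bytes(size, "big", signed=True))


def bind_request(message_id: int, dn: str, password: str, version: int = 3) -> bytes:
    """LDAPMessage { messageID, BindRequest [APPLICATION 0] { version, name, simple [0] } }"""
    auth = tlv(0x80, password.encode())  # [0] simple: context-specific, primitive
    op = tlv(0x60, ber_int(version) + tlv(0x04, dn.encode()) + auth)  # APPLICATION 0, constructed
    return tlv(0x30, ber_int(message_id) + op)  # outer SEQUENCE


def _read_tlv(buf: bytes, pos: int):
    """Return (tag, value, position after the element), handling long-form lengths."""
    tag = buf[pos]
    first = buf[pos + 1]
    pos += 2
    if first & 0x80:
        nbytes = first & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    else:
        length = first
    return tag, buf[pos:pos + length], pos + length


def parse_bind_request(msg: bytes) -> dict:
    """Decode a simple BindRequest built as above; raise ValueError for anything else."""
    tag, body, end = _read_tlv(msg, 0)
    if tag != 0x30 or end != len(msg):
        raise ValueError("not a single LDAPMessage SEQUENCE")
    tag, mid, pos = _read_tlv(body, 0)
    if tag != 0x02:
        raise ValueError("missing messageID")
    tag, op, _ = _read_tlv(body, pos)
    if tag != 0x60:
        raise ValueError("protocolOp is not a BindRequest")
    tag_v, ver, pos = _read_tlv(op, 0)
    tag_n, name, pos = _read_tlv(op, pos)
    tag_c, cred, _ = _read_tlv(op, pos)
    if (tag_v, tag_n) != (0x02, 0x04):
        raise ValueError("malformed BindRequest")
    if tag_c != 0x80:
        raise ValueError("only simple authentication is decoded here")
    return {
        "messageID": int.from_bytes(mid, "big", signed=True),
        "version": int.from_bytes(ver, "big", signed=True),
        "name": name.decode(),
        "simple": cred.decode(),  # the password, exactly as it travelled
    }


if __name__ == "__main__":
    # Constructed sample credentials; nothing here talks to a real server.
    wire = bind_request(1, "cn=admin,dc=example,dc=com", "secret")
    print(wire.hex(" "))
    print(parse_bind_request(wire))
```

Run it and the hex dump shows the password bytes in the clear immediately after the 0x80 tag; that is the whole security argument for carrying LDAP over TLS (or using SASL binds) rather than plain TCP port 389.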
Indeed, Sun Microsystems' Network Information Service (NIS), Novell's NDS and Banyan's StreetTalk all are several years old. And while some folks in the networking industry scoffed when Microsoft renamed its Windows NT "domains" to "directory services," the marketing hype is somewhat sound. Although Microsoft's domain structure is not hierarchical and not as extensible as systems like NDS, it provides the basics of an NT-specific directory service: a central repository for user, security and configuration information throughout a Windows NT network administrative unit. The only problem is that each of these solutions is focused on a single network operating system.
To be effective, a directory service must be universally accepted. You wouldn't buy a nationwide telephone directory that includes subscribers to only one telephone company. The key is interoperability, and this is today's directory service battleground.
While many hierarchical directory services like NDS and the Cell Directory Service--a critical piece of Open Group's Distributed Computing Environment (DCE)--are based on the ISO X.500 directory service standard, they do not share common access protocols or storage schemas. To centrally manage directory services in a multivendor environment that runs several of them, a synchronization tool is needed to replicate information among the disparate directories. These synchronization tools, or metadirectories, form an umbrella over all vendor-specific directory services, allowing a single point of administration where user administration and some configuration information is centrally stored and propagated to each vendor-specific directory service under its control.

Sidebars: Directory Service Applications; What's Next For LDAP
Updated September 24, 1997