Search /
Docfinder:
Advanced search  |  Help  |  Site map
RESEARCH CENTERS
SITE RESOURCES
Click for Layer 8! No, really, click NOW!
Networking for Small Business
TODAY'S NEWS
Four reasons to buy (and one reason to avoid) the Droid
Cisco MARS shuts out new third-party security devices
Verizon Droid buzz muted in Boston
Week in Google news: Google Dashboard, Droid fever, focus on e-commerce
Cloud computing, virtualization proponents getting antsy
Data center start-up offers energy saving software
Vendors scrambling to fix bug in Net's security
Judge dismisses lawsuit challenging Gartner's Magic Quadrant
Boston Celtics clamp down on spam
Cloud computing inevitable? Not so fast, educator says
Blue Coat slashes staff, buys S7 services company
Apple seeks new sheriff to lock up iPhones
Google releases new search engine for e-commerce sites
Rackspace apologizes for cloud outage, prepares to issue service credits
Applications /

Distributed LDAP Features

Related linksToday's breaking news
Send to a friendFeedback

By Joel Snyder
Network World, 05/15/00

Many LDAP directories are really interfaces to existing X.500 directory servers. When the market for X.500 directories turned out to be disappointingly small, vendors who had built X.500 products quickly retrofitted them for LDAP use. One of the main goals of X.500 directory services was its distributed nature, whereby a hierarchy of servers would pass queries around transparently, just as they would replicate directory information across servers. As an access method, LDAP doesn't have the built-in richness of X.500 when it comes to distributed features. A directory based on X.500 like Critical Path Global Directory Server, Siemens DirX, and Computer Associates eTrust Directory will generally have good capabilities in this area.

Generic directory distributed features can generally be divided into three areas: referrals, chaining and replication. Referrals - which is the only distributed feature currently supported by LDAP -- and chaining are query-based behaviors. When a query comes into a directory server and cannot satisfy the request directly, the server may have information about a different server that does indeed have the answer. In that case, it can return to the client a referral, which says "go ask this other server for the answer." Referrals are defined in LDAP beginning with version 3, the version that most products support today.

Alternatively, the server that doesn't have the answer on the behalf of the client can go ask the server that does. This server-to-server chaining is an integral part of X.500, but is not defined in the core LDAP specifications---LDAP only deals with how a client talks to a server, not how servers talk to each other. Directory servers that include both LDAP and X.500 access methods generally support chaining, because chaining is an integral part of X.500.

Replication is a different distribution feature, in which directory information is reproduced and synchronized between two directory servers. Replication can be master/slave, under which a single directory is updated and propagates the changes to one or more slaves; or multi-master, under which any copy of the directory can be updated, automatically or periodically updating all the other copies. Because replication can be critical to performance and reliability of applications, most directories support one form of replication. However, if replication is going to be an important aspect of your directory project, you should determine very early what replication features are needed, as support for replication varies widely between products.

Back to the main story

RELATED LINKS

Snyder is a senior partner at Opus One in Tuscon, Ariz., specializing in security and messaging technologies. He can be reached at joel.snyder@opus1.com.

Snyder is also a member of the Network World Test Alliance, a cooperative of the premier reviewers in the network industry. For more Test Alliance information, including what it takes to become a member go to www.nwfusion.com/alliance.

LDAP untangled
A simple look at what's up in the ballooning LDAP market, and what that means for your network.

Review: Management tools and back-end services
X.500 directories offer more features, but LDAP-only directories are easier to set up and manage.

Review: Sizing up LDAP servers
iPlanet orbits the competition with superior performance and manageability.

Interactive scorecard and NetResults
Every network is unique. This calculator lets you change the weights given to scores from our review to see which product might be best suited for your needs.

Review: LDAP: How we did it
Our methods of testing.

Newsletter: LDAP, one more time
LDAP does not define a directory structure or schema.
Network World Fusion Focus, 04/19/00.

Eprise adds LDAP support
Eprise Participant Server 2.6 now supports LDAP-based directory services including Novell Directory Services eDirectory and Microsoft Active Directory.


NWFusion offers more than 40 FREE technology-specific email newsletters in key network technology areas such as NSM, VPNs, Convergence, Security and more.
Click here to sign up!
New Event - WANs: Optimizing Your Network Now.
Hear from the experts about the innovations that are already starting to shake up the WAN world. Free Network World Technology Tour and Expo in Dallas, San Francisco, Washington DC, and New York.
Attend FREE
Your FREE Network World subscription will also include breaking news and information on wireless, storage, infrastructure, carriers and SPs, enterprise applications, videoconferencing, plus product reviews, technology insiders, management surveys and technology updates - GET IT NOW.
* HOME    * RESEARCH CENTERS     * NEWS     * EVENTS

Contact us | Terms of Service/Privacy | How to Advertise
Reprints and links | Partnerships | Subscribe to NW
About Network World, Inc.

Copyright, 1994-2006 Network World, Inc. All rights reserved.