Is LDAP the common pacifier?

When interoperability questions arise, LDAP is offered as the panacea, despite continuing concerns that the widely supported protocol is not ready for prime time.

When pundits speak of allowing various corporate business applications to access common information no matter where it exists on the network, one protocol immediately comes to mind.

That protocol is called LDAP, or lightweight directory access protocol, and is essentially an access mechanism for information sharing between software applications.

Why the LDAP buzz? Because giant software providers such as Microsoft, Novell, and Netscape Communications, among others, are continuing to pitch strategies to application developers that rely heavily on a directory services software layer.

"Before LDAP, it was a bunch of different disconnected directories," Shilpa Agarwal, analyst with Giga Information Group, said. "Now anybody who does directories has to talk LDAP or they're not in the game."

Interest has also been heightened in directory services software due to the next-generation directory currently under development at Microsoft--called Active Directory--that essentially serves as the 800-pound software gorilla's first stab at a true corporate directory implementation. The new service, to be released as a component of Windows NT 5.0, is a key element in the company's drive into corporate network computing.

Directory software ties various network elements and systems, user access rights, and company-wide policies into a central administrative tool that network managers can use to govern their networks. This type of software is part of the "plumbing" that allows corporations to deploy a wide variety of applications easily and securely.

Directories can be found in operating systems, such as Novell's NetWare, various email systems, and even in particular network-based business applications. According to a report released last year by Forrester Research, 80 percent of Fortune 1000 companies update these various directories either manually or through a combination of manual entry and integration tools.

In a directory services "nirvana," a variety of applications will be able to take advantage of what might be viewed as a single directory software layer--even if a variety of implementations are used--so that changes to user information can be made to a central database and then be replicated across the entire corporate network. A key component of this "pie-in-the-sky" networked world is LDAP.

Directories may also become a key component in the authentication process for "extranets," nomenclature for tying certain close partners to an internal corporate network so they can access relevant information.

But it appears the current hype surrounding directories, due in part to Microsoft's stepped-up focus on the service, may be overshadowed by the relative youth of the technologies, such as LDAP, that will be used to render a single directory nirvana.

Steven Judd, a directory guru within Microsoft's Windows NT distributed systems team, admitted that the protocol is "not terribly mature." The company will support LDAP in Active Directory.

Novell, an early entrant into the directory sweepstakes, currently offers LDAP support as an add-on to its base Novell Directory Services (NDS) software, which is delivered as a part of NetWare. Though bullish on the promise of the protocol, executives are quick to note its serious limitations.

"LDAP has a ways to go before two directory servers can communicate with each other," Gary Hein, a technology evangelist at the firm, said.

Hein noted that LDAP, as it is currently constituted, only serves as a client access protocol and does not address centralized data stores (essentially the directory database) or server-based replication services, two key components of directory functionality that allow directories to share or automatically update information on users and systems.

Standards efforts are currently underway to add replication extensions to LDAP so that information can be synchronized across various directory software.
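To make the "client access protocol only" point concrete, here is an added example, written for this page rather than taken from the article or any vendor's software: it builds an LDAPv3 search request in BER (the wire format LDAP borrowed from X.500) using only the Python standard library, parses it back, and names the operation the way a wire sniffer would. The distinguished name, attribute names and values are constructed sample data. The table of protocol operations is the one defined by LDAPv3; every entry is a client request or the server's answer to one, which is exactly why replication between servers had to come from separate extension work.

```python
"""LDAPv3 on the wire: a client-side search request, built and parsed with
nothing but the standard library. Added example; the DN, attribute names and
values are constructed sample data, not from the article.
"""
from typing import Iterator, Tuple

# Universal BER tags used by LDAP (ITU-T X.690).
SEQUENCE, INTEGER, OCTET_STRING, ENUMERATED, BOOLEAN = 0x30, 0x02, 0x04, 0x0A, 0x01

# LDAPMessage.protocolOp is a CHOICE of APPLICATION-tagged operations (LDAPv3).
# Each one is a client request or the server's answer to a client request:
# the protocol carries no server-to-server replication or data-store operation.
PROTOCOL_OPS = {
    0x60: "bindRequest", 0x61: "bindResponse", 0x42: "unbindRequest",
    0x63: "searchRequest", 0x64: "searchResEntry", 0x65: "searchResDone",
    0x66: "modifyRequest", 0x67: "modifyResponse", 0x68: "addRequest",
    0x69: "addResponse", 0x4A: "delRequest", 0x6B: "delResponse",
    0x6C: "modDNRequest", 0x6D: "modDNResponse", 0x6E: "compareRequest",
    0x6F: "compareResponse", 0x50: "abandonRequest", 0x73: "searchResRef",
    0x77: "extendedReq", 0x78: "extendedResp",
}
APP_SEARCH_REQUEST = 0x63      # [APPLICATION 3] SEQUENCE
FILTER_EQUALITY_MATCH = 0xA3   # Filter CHOICE alternative [3] equalityMatch
SCOPE_WHOLE_SUBTREE = 2


def ber_len(n: int) -> bytes:
    """Definite-length encoding: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag: int, payload: bytes) -> bytes:
    return bytes([tag]) + ber_len(len(payload)) + payload


def ber_int(v: int) -> bytes:
    """Non-negative INTEGER in minimal two's-complement form: a leading 0x00 is
    added when the high bit is set, so 128 encodes as 00 80, not as -128."""
    return tlv(INTEGER, v.to_bytes(v.bit_length() // 8 + 1, "big"))


def ber_str(s: str) -> bytes:
    return tlv(OCTET_STRING, s.encode("utf-8"))


def search_request(msg_id: int, base_dn: str, attr: str, value: str,
                   attributes: list, scope: int = SCOPE_WHOLE_SUBTREE) -> bytes:
    """Encode LDAPMessage{messageID, SearchRequest} with an equalityMatch filter."""
    flt = tlv(FILTER_EQUALITY_MATCH, ber_str(attr) + ber_str(value))
    op = (ber_str(base_dn)
          + tlv(ENUMERATED, bytes([scope]))
          + tlv(ENUMERATED, b"\x00")          # derefAliases: neverDerefAliases
          + ber_int(0) + ber_int(0)          # sizeLimit, timeLimit: no client limit
          + tlv(BOOLEAN, b"\x00")            # typesOnly: FALSE, return values too
          + flt
          + tlv(SEQUENCE, b"".join(ber_str(a) for a in attributes)))
    return tlv(SEQUENCE, ber_int(msg_id) + tlv(APP_SEARCH_REQUEST, op))


def read_tlv(buf: bytes, pos: int) -> Tuple[int, bytes, int]:
    """Read one tag-length-value element; returns (tag, value, next position)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: low 7 bits = byte count
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    end = pos + length
    if end > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:end], end


def iter_tlvs(buf: bytes) -> Iterator[Tuple[int, bytes]]:
    pos = 0
    while pos < len(buf):
        tag, val, pos = read_tlv(buf, pos)
        yield tag, val


def protocol_op(msg: bytes) -> str:
    """Name the operation carried by an LDAPMessage (what a wire sniffer shows)."""
    _, payload, _ = read_tlv(msg, 0)
    (_, _), (op_tag, _) = list(iter_tlvs(payload))
    return PROTOCOL_OPS.get(op_tag, f"unknown(0x{op_tag:02x})")


def parse_search_request(msg: bytes) -> dict:
    """Decode a SearchRequest back into fields, rejecting any other message."""
    tag, payload, end = read_tlv(msg, 0)
    if tag != SEQUENCE or end != len(msg):
        raise ValueError("not a single LDAPMessage")
    (id_tag, id_val), (op_tag, op_val) = list(iter_tlvs(payload))
    if id_tag != INTEGER or op_tag != APP_SEARCH_REQUEST:
        raise ValueError("not a SearchRequest")
    fields = list(iter_tlvs(op_val))
    filter_tag, filter_val = fields[6]
    if filter_tag != FILTER_EQUALITY_MATCH:
        raise ValueError("only equalityMatch filters are handled here")
    attr, value = (v.decode("utf-8") for _, v in iter_tlvs(filter_val))
    return {
        "message_id": int.from_bytes(id_val, "big"),
        "base": fields[0][1].decode("utf-8"),
        "scope": fields[1][1][0],
        "filter": (attr, value),
        "attributes": [v.decode("utf-8") for _, v in iter_tlvs(fields[7][1])],
    }


if __name__ == "__main__":
    req = search_request(1, "ou=People,dc=example,dc=com", "uid", "jdoe", ["cn", "mail"])
    print(req.hex())
    print(protocol_op(req), parse_search_request(req))
```

Running the script prints the raw bytes a client would put on port 389, followed by the decoded request. The point for an administrator evaluating the directory strategies described in the article is visible in `PROTOCOL_OPS`: the message set covers bind, search, modify, add, delete and a few housekeeping operations, all between a client and one server, so keeping two servers' copies of the data in step is something the protocol itself says nothing about.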

"Just because we're all running LDAP doesn't mean the world's a sunny place," noted Jeff Price, a product manager within Microsoft's NT server group.

Giga's Agarwal said that even though LDAP is definitely a standard, there's still a lot of work to be done. However, small- and medium-sized organizations are having success in deploying LDAP-based directories in certain departments. When LDAP is truly mature, those departments should integrate easily into the entire organization using extensions to LDAP that provide for server-based communications.

LDAP started as a "lightweight" way to access a decade-old type of directory called "X.500." But in the past few years, the protocol has moved past that niche to define the manner in which directories communicate in the Net era. The protocol's big break came when Netscape noticed the work a team of University of Michigan researchers was doing in developing the protocol.

Buoyed by their success in defining the browser market, Netscape plucked the researchers and launched an LDAP-based directory server as the underpinnings of its server-based applications. A groundswell of support resulted from Netscape's use of the protocol, rocketing the technology into the protocol mainstream as a "lingua franca" for communication.

"[The company] made a decision that no one had made until now, but was pretty obvious to make," said Tim Howes, architect of Netscape's Mission Control management software package and cochair of the LDAP extensions working group within the Internet Engineering Task Force.

"LDAP isn't going to make it so all of your directories on your corporate network will disappear," Howes noted. "What it does mean is that all the directories on your network will communicate in the same way."  
