Much of what has been written recently about directory services concerns predictions for the future. What about those of us who need a directory services solution right now but don't want to write custom applications? Although the future might bring applications that support a single user logon through access to a universal directory service, today's typical business network uses several directories to provide user authentication services for a variety of operating systems (OSs) and applications.
Until the time when directory services have developed to the point at which network applications and OSs can use one database to authenticate users, you can avoid having to maintain multiple directory entries for each network user. How? Set up a metadirectory.
The Burton Group (http://www.tbg.com) coined the term metadirectory in its February 1996 Network Strategy Overview document, "Meta-Directory Services." The Burton Group defined the term as a "directory \[service\] that can integrate multiple directory services within an organization."
Thus, a metadirectory is a directory of directories that acts as the authoritative source for information about your network, applications, and users. By synchronizing with the other directories on your network, a metadirectory lets you make all your changes to one database. The metadirectory then propagates this information to the other directories.
The Burton Group's document outlines a specific series of processes and characteristics for metadirectory products, but The Burton Group defined these processes and characteristics before any such products existed. When metadirectory products eventually appeared on the market, they were not necessarily designed with these characteristics in mind. As a result, many metadirectory product vendors have adopted a looser definition of metadirectory than The Burton Group proposed. This introduction and the other articles in this month's focus use this alternative definition: A metadirectory product is any product that integrates the functionality of multiple directory services into one directory.
Today's metadirectory products function in one of two ways: They promote an existing directory service to the role of metadirectory, or they include a new proprietary metadirectory service. In both cases, the metadirectory communicates with other directories on the network. When you create or modify a user account in the metadirectory, the metadirectory product copies the information to the other directories, providing a single point of administration. The articles that follow examine some of the available metadirectory products that run on NT and how network administrators can use these products to streamline their user account maintenance tasks.
The existing directory service most often used as a metadirectory is Novell Directory Services (NDS). Based on X.500 and first released in 1993, NDS has had 5 years of refinement. During the past year, Novell has released a series of products that expand NDS's functionality by integrating NT's domain-based directory service into the NDS database. William Wong discusses the latest of these products in "Novell's NDS for NT," page 131. NetVision's Synchronicity products also use NDS as a metadirectory to support NT, Lotus Notes, and NetWare 3.1x users. For more information about these products, see "NetVision's Synchronicity for NT," page 125.
Netscape's Directory Server 3.0 and Zoomit's Zoomit VIA supply proprietary directory services that support the replication of user data to other directories on the network. Tao Zhou examines Directory Server 3.0's replication capabilities plus other features in "Exploring Netscape's Directory Server 3.0," page 137. For a discussion of VIA's replication features, see "Zoomit VIA and the Dedicated Metadirectory," page 145.
NDS, Synchronicity, Directory Server 3.0, and VIA differ greatly in their methods and capabilities. None is suitable for every network environment, but they all share one significant benefit: They are available for you to use right now.
