If it's not one thing, it's another. Deploying the new Windows 2000 directory took a superhuman effort. Now, managing it seems like a job for Superman. Fortunately, AD administrators/superheroes can enlist the aid of a sidekick, Lightweight Directory Access Protocol (LDAP), which can cut AD management tasks down to size.
Directory software protocols make keeping track of the user, password and IT resource information stored in directories more straightforward, according to Gregoire Michel. LDAP uses a hierarchical approach to do that, and an LDAP management tool can simplify management substantially. Michel is chief marketing officer of Aubagne, France-based Calendra, Inc., which recently released Calendra Directory Manager 3.0, an LDAP-based directory content manager. He recently spoke to searchWindowsManageability about the benefits of LDAP-based directories.
| sWM: | What are the benefits to having a directory as a business application? |
| Michel: | Directory services are about sharing business critical information. The main benefit is that the directory is a central repository for very basic information that will be shared throughout an entire enterprise and IT system. In the directory, you put information about people, IT and non-IT resources, and information about rights. Directories are often used as a central directory for authorization and authentication information and the relationship between those. Who has what rights on different applications or resources, for example. So that information is being stored and maintained in one place, but can be used by all the applications. |
| sWM: | Are all directory services LDAP-based? |
| Michel: | Not necessarily, some are based on relational or SQL databases. |
| sWM: | What makes LDAP a preferred protocol? |
| Michel: | LDAP technology has standardized schemas and a performance level that make it the de facto standard. In relational or SQL databases, if you want to access data, you have to know the schema, such as how the tables are set up and what information they contain. You also have to know the name of the tables. They are not standardized. LDAP standardizes these kinds of things. It's hierarchical. You always query an LDAP by the top hierarchy, and then you drill down in the tree. It's auto discovery. |
| sWM: | What are the headaches inherent in managing a directory? |
| Michel: | The first one is having to choose a technology. The second is to find the skilled people to administer it. It's still a new, complex technology, and the skills are scarce and expensive. The third is a political problem. Companies may not want to put sensitive information in a central place. The last headache comes with how you integrate the directory services in your IT systems. |
| sWM: | Active Directory is the Windows 2000 directory. Can you tell me what the headaches are in managing Active Directory specifically? |
| Michel: | Active Directory is basically an LDAP directory. It has an LDAP interface, and so if you have an LDAP tool you can access AD. The difficulty with AD is that some of the functions you normally find in an LDAP directory are not yet implemented in AD. AD is not compliant with the password management standard, for example. If you want to change someone's password, you have to go through the OS, not directly through the LDAP. |
| sWM: | What are the benefits of using an LDAP management tool? |
| Michel: | The main benefit is delegated administration and self-service. Editing all the content in the directory can only be done by highly skilled people who can use the LDAP interface if you don't have this kind of tool. |