
Partner Spotlight: Isode Connects eDirectory to X.500

Novell Cool Solutions: Feature


Posted: 2 Jun 2004
 

Connecting eDirectory to X.500

Rob Sabey, Novell partner manager for the eDirectory product line, and Steve Kille, CEO of Isode.

With Novell's eDirectory, organizations across a broad range of industries can easily implement a high-end directory service to act as the basis for secure identity management solutions. But what happens when a requirement exists to connect an eDirectory deployment to a directory that's based on the X.500 protocol? This is where Isode's M-Vault Connector comes in.

As one of the authors of the original LDAP protocol, Isode's CEO Steve Kille understands LDAP's strengths well but is also realistic about the continuing market demand for X.500:

"X.500 directories are quite often used in government and military environments where X.500's ability to offer a higher level of security and secure replication in a distributed environment is appreciated."

Kille continues, "Even where LDAP directories can, in theory, do the job, the costs, time and disruption involved in changing from a directory based on one protocol to a directory based on another often make the process an unattractive one, especially given that the proven X.500 protocol is still very much alive and kicking."

Communications Intermediary

But while many central directories are based on X.500, departments making delegated IT infrastructure decisions will often choose LDAP for their local directory. They feel that its ability to pass queries from an LDAP client to an LDAP server over a TCP/IP network, as well as its lower overheads, makes it more suited to their needs.

Given this scenario, the M-Vault Connector can act as a communications intermediary between an LDAP directory, such as eDirectory, and an X.500 directory. The diagram below illustrates this:

Figure 1: M-Vault Connector as a communications intermediary

When handling an LDAP query destined for the central X.500 directory, M-Vault Connector can "chain" the query to the X.500 directory using X.500 DSP (Directory System Protocol). For queries travelling in the opposite direction, M-Vault Connector can pass the query to the LDAP server using "LDAP chaining" (a term coined by Isode that is gaining broader use in the directory industry).

Distributed Directory "Glue"

Another common use for M-Vault Connector is as the "glue" holding together a mixed-environment, distributed directory (as in the diagram below).

Figure 2: M-Vault Connector as the "glue" in a mixed directory

Distributed directories are often implemented where it makes more sense for data to be managed locally, perhaps because the most frequent use of the data is at that point.

In principle, the elements of a distributed mixed-environment directory could all work together as peers, if care is taken to ensure consistency in naming and structure. In practice, however, it makes more sense to have a central M-Vault Connector directory in place, handling interconnection requests and replication.

Not a Cut-down Product

M-Vault Connector is a specialized version of Isode's M-Vault directory, rather than a simple-minded protocol converter. This approach gives a number of key advantages to the user, including:

  • Full protocol compliance to both the X.500 and LDAP standards, and in particular to the X.500 distributed operations procedures and LDAP v3 protocol and extensions
  • Ability to optimize directory connectivity in complex configurations
  • A comprehensive set of flexible configuration tools
  • The ability to replicate data across LDAP and X.500 directories (using Changelog and DISP: Directory Information Shadowing Protocol, respectively)

Benefits for eDirectory Customers

M-Vault Connector provides solid benefits to customers who need eDirectory to co-exist with X.500 directory services. It enables these customers to seamlessly connect to and integrate their existing service with the X.500 service.

If you'd like to learn more about Isode's M-Vault Connector, which enables eDirectory to connect with an X.500 directory through eDirectory's support of LDAP, visit its Web site at:

http://www.isode.com/company/partner_details/partner_novell.htm.

Feedback

Which third-party products have helped you better manage your Novell eDirectory deployment? Let me know at rsabey@novell.com.

