January 13, 1997 10:00 AM ET

LDAP is key to unlocking doors to global directories
Directory-enabled clients and apps help kick-start distributed computing

By Lisa Wirthman

If global directory services still seem a long way off, take another look. Directory-enabled applications are starting to trickle out, providing a vital cog for any corporation planning a move to distributed computing.

New standards-based directories and clients, such as a version of Novell Inc.'s NDS (Novell Directory Services) with support for LDAP (Lightweight Directory Access Protocol), and Netscape Communications Corp.'s LDAP-based directories for Windows NT and Unix, offer a strong incentive for IT managers to start migrating to global directories. (See related story, "Why LDAP is key to making directories go global.")

"Directory-enabled applications will play a key role when we start trying to share information in a universal format," said David Doering, president of Network Technical Services, a consultancy in Provo, Utah, that uses NDS. "I'm looking for the day when we will have a universal window for our resources."

Netscape will deliver its first LDAP-enabled clients in its Communicator suite of integrated client software, which is now in beta tests and due by the end of this quarter. Microsoft Corp. delivered LDAP support for Internet Explorer 3.0 last month through an update of its Internet Mail and News client, and its LDAP-based Active Directory will be included with the release of Windows NT 5.0 later this year.

Other vendors, including IBM and Banyan Systems Inc., have pledged to support LDAP in their directory products, beginning early this year.

Directory-enabled applications leverage the infrastructure and resources of a general-purpose directory service, so that information about users, files, printers, devices and other applications can be found, shared and managed across a heterogeneous, global network.

Less work, complexity

While most applications already have built-in directory and security infrastructures, writing new applications that leverage the infrastructure of a general-purpose directory such as NDS or Netscape's Directory Server means less work for developers and less complexity for administrators and users.

"The amount of work that had to go into building an infrastructure was disproportionate to the work to develop the actual applications," said Craig Burton, principal for the Burton Group, a consultancy in Provo. "Writing to a directory frees [developers] up to do other things with their applications."

Developers won't have to build knowledge into their applications about where other resources, such as databases, are located because the directory knows where they are, explained Michael Simpson, director of marketing for Novell's Internet Infrastructure Division.

Directory-enabled applications can potentially be any type of traditional business application. For example, an E-mail application could leverage a general-purpose directory to find a user group, a spreadsheet application to find a database or a word processing application to find a printer, regardless of where the information or device resides on the network.

"Users don't care where things are," said Doering. "They just want to find things in an intuitive way, but they need applications that register in a directory first."

For network administrators, the advent of directory-enabled applications means a central place to add, delete and change users without having to synchronize those changes among multiple applications.

For end users, benefits include only having to log in once--to the directory server--instead of logging in to individual applications. That's because applications registered in the directory can share security and password information.

"There's no reason for users to have to go through two or three tiers of security," said Jim Branson, technology planner for the Missouri Department of Health, in Jefferson City, which uses NDS.

Less complexity is just one benefit of writing applications to a general-purpose directory; the longer-term benefits will become clearer as more developers start using objects to develop applications, said analyst Burton.

"Now directories really play a bigger role in how to find and store those objects," he said. "They are the linchpin of the future of object-oriented computing."

Because software objects live on networks rather than specific servers, it is critical for developers to have a common infrastructure for finding them, analysts said. Objects and data can be registered or actually stored in the directory, Burton said. Directory-enabled applications can then get those objects and execute them without having any knowledge of how they work or where they are located, he added.

The first tools to build these applications are due later this year. Netscape's Directory SDK, which enables developers to write applications to a standard set of LDAP APIs, is now in beta and will ship midyear, said Frank Chen, a senior product manager for the Mountain View, Calif., company. Applications written to the LDAP APIs can run on any directory supporting the protocol, Chen said.

Novell also is working to enable directory-enabled application development through the creation of Java class libraries for NDS, said David Clare, director of product management for Novell's developer group in Provo.

Novell recently shipped its Java SDK for IntranetWare, which includes early versions of class libraries to enable developers to create NDS applications using Java. The Java class libraries will reach general availability in a 1.0 version at Novell's Brainshare developer conference in March, said Clare. Also due by Brainshare are ActiveX Controls for NDS, he said.

As LDAP makes its way into new products, the protocol itself continues to evolve. The Internet Engineering Task Force is working on LDAP Version 3.0 and hopes to complete it by the end of the quarter, said Netscape's Chen.

First, however, the protocol must be slimmed down by an IETF subcommittee, which must submit its recommendations on which features to cut by Jan. 31.

Paged search results--the ability to display search findings one page at a time--and type-down addressing, which enables search engines to look for information as each letter is typed, may be the first features to go, Chen said. Support for international character sets, SSL (Secure Sockets Layer) and a common directory schema--which defines how a directory works and stores information--are likely to stay.

Netscape, meanwhile, is working on LDAP extensions beyond Version 3.0 to support the replication of information between different directories, Chen said. Those won't be published until after LDAP 3.0 is delivered this spring, he added.

Holy grail

A key future market for directory-enabled applications is E-commerce. "Electronic commerce is the holy grail," said Novell's Simpson, because commerce applications running on different platforms will need a common infrastructure for exchanging data.

Novell plans to add support in NDS this year for storing digital signatures to be used in electronic transactions, he said.

Netscape's directory already features digital certificate support, said Chen, as well as support for the SSL encryption protocol. In addition, Version 2.0 of the directory server, due this year, will include the ability to authenticate users based on their digital certificates, he added.

Copyright(c) 1997 Ziff-Davis Publishing Company. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Ziff-Davis Publishing Company is prohibited. PC Week and the PC Week logo are trademarks of Ziff-Davis Publishing Company. PC Week Online and the PC Week Online logo are trademarks of Ziff-Davis Publishing Company.
