By Gary Rowe and Daniel Blum
Network World, 9/15/97

Directories are the lifeblood of network operating system (NOS) administration and management, but they'll need a transfusion in order to span the enterprise and all of its applications.

NOS directory view and update functions are integrated with the server's active management services. For example, when an administrator creates an account, the directory gets updated at the same time the user's home directory and other server objects associated with that user are created. And when users examine a printer in the directory, they can access the print queue and manipulate print jobs. These are core functions of a basic NOS directory.

But to become a full-fledged enterprise directory, NOS directories must span multiple NOS servers to facilitate single network logon and a single point of administration. Directories also must support multiple, flexible fields or properties and allow applications to add new properties to the schema at install time. For example, groupware/workflow applications might need to store role-based information, or a security application might need to store badge IDs.

As enterprises drive toward decreasing the enormous cost of per-user PC administration and configuration, even common applications such as word processors will begin to store information about per-user preferences in the directory. Allowing applications to use the enterprise directory in a flexible way is critical to cost-effective enterprise application deployment.

Standards support also is critical. An enterprise directory needs to support standards such as Lightweight Directory Access Protocol (LDAP), Domain Name System, Java, SNMP, TCP/IP, and Dynamic Host Configuration Protocol. These standards increasingly will allow any application or utility to plug into any NOS directory, eliminating proprietary addressing and configuration dependencies.

But don't expect standards to solve all your directory problems yet, if ever. Although LDAP supports multivendor client-to-directory access, full multivendor directory-to-directory interoperability requires protocols for distributed queries, distributed updates, access control, replication and management. The full international X.500 standard provides many of these, but Microsoft Corp., Netscape Communications Corp., Novell, Inc. and many other vendors have essentially written it off. They've decided instead to wait for the Internet Engineering Task Force to build simpler directory-to-directory protocols into LDAP, a process that will take several years.