[Date Prev][Date Next]
RE: off topic : metadirectory
Thanks for your reply. Company I work for are a CA directory resellers,
based on this there is detailed knowledge on the implementation of the
e-Trust Directory. If, I assume, you are referring to DXLINK as the meta
component then this is not a meta directory. The e-Trust directory is simply
using LDAP calls to environments that provide LDAP capability. Meta itself
spans to business enterprise applications and provides a basic to medium
centralised view of services available to the user community. These service
are referenced from the directory to the source of that service (RDBMS, NT
Core Research and Development
Jacobs Rimell Ltd.,
24, Chiswell Street,
London, EC1 4TY.
mobile. (+44(0)7770 425193)
This email is confidential, may be legally privileged, and is for the
intended recipient only. If you are not the intended recipient, please
inform the sender and delete the email immediately.
From: Rozonkiewiecz, Mitchell [mailto:Mitchell.Rozonkiewiecz@ca.com]
Sent: 16 October 2001 16:52
To: Dhiren Pankhania
Subject: RE: off topic : metadirectory
I would also expect that you should look at Computer Associates line of
Once you have a directory, as previous stated, you might want to add on the
ability to support SSO or PKI, etc. CA's products do this. There is eTrust
Directory, a X.500 Server with full LDAP and meta directory support, eTrust
PKI (a full CA), eTrust SSO, eTrust Access Control (security for
NT/Linux/UNIX machines), eTrust Web Access Control, etc.
Plug in the piece that you want/need and all of them build on eTrust
From: Dhiren Pankhania [mailto:Dhiren.Pankhania@jacobsrimell.com]
Sent: Tuesday, October 16, 2001 10:31 AM
To: Pierangelo Masarati; Dhiren Pankhania
Cc: P. Vranckx; openldap-software mailing list
Subject: RE: off topic : metadirectory
I would certainely expect for enterprise environments using a directory to
look at servers that provide "dynamic" joins (as well as synchronous ) to
applications such as Oracle, NT, PeopleSoft and so on. This provides a basis
for a single point of access and control for enterprise users, providing the
ability to support SSO and PKI amongst other things. Making it dynamic
provides to some degree real-time capability. This is something many
directory vendors are doing, so synchronous is a good starting point but
OpenLdap when moving into the meta arena should aim to catch up with levels
of joins to apps and how it does this.
Dhiren Pankhania wrote:
> you will obtain info from the Burton Group, Syntegra (Control Data),
> Critical Path (Isocor), iPlanet (Sun) and a number of other organisations.
> They will provide platform support and what environments they will apply
> meta calls.
> Metadirectories is not a defined standard so all tools provided are
> proprietary in nature but will use backend directory services for
> As for openldap, I do not know of any organisation that has provided meta
> capability there, but there is no reason for not developing one.
Many features go under the definition of meta-directory. In OpenLDAP
there's an attempt to implement a multi-target LDAP proxy that glues
together different directories under a common naming context, possibly
thru regex/map-based dn rewriting. It is called back-meta, and is
currently in the HEAD of the CVS. Eventually it might evolve in
more sophisticated, by adding a synchronous join capability.
current back-meta: shows independent entries on separate servers as
belonging to the same naming context; there's no control for duplicate
(future?) synchronous join: different portions of a single entry may
reside on different servers, and the meta-directory shows it as a unique
Dr. Pierangelo Masarati | voice: +39 02 2399 8309
Dip. Ing. Aerospaziale | fax: +39 02 2399 8334
Politecnico di Milano | mailto:firstname.lastname@example.org
via La Masa 34, 20156 Milano, Italy |