This chapter gives an overview of how to plan an Enterprise Directory Synchronization solution using LDSU.
A complex Directory Synchronization may involve:
Having LDSU perform all these functions requires planning.
The only requirements for using LDSU in a Directory Synchronization Solution are that at least one LDAP directory is present and that each individual directory synchronization instance involves an LDAP directory.
To help start the planning, obtain answers to the following questions:
The use of files using the LDAP Data Interchange Format (LDIF) should also be investigated. Using LDIF gives the advantage of ease of setting up (since LDSU contains a built-in way to specify an RDF LDIF format, no RDF needs to be created). However, LDIF files require that the directories using them have the same directory format (e.g. DN, field names), whereas RDF files allow the directory format to be easily transposed or otherwise remapped between directories.
Using one central LDAP directory in a directory synchronization solution is often recommended because it reduces the complexity and long-term maintenance requirements. With a central directory, every other directory need only synch with the central directory instead of having to synch with every other directory (up to N*2 synchs instead of N*(N-1) synchs). When new directories are added, they need only synch with the central directory and not every other directory. Having all the data needed by all directories in one place also provides an easy way to perform uniqueness checking, reporting, etc.
If using a central directory, however, that central directory should have a customizable schema. This is needed so that it can contain attributes which may not be used by the central directory, but are needed to populate foreign directories.
One concept to be aware of is data ownership. Which source "owns" the data in a directory? Each data source which owns an "entry" in a directory can Add and Delete the entry. And usually that data source also owns all the "fields" in the entry as well, so it can Modify the entry. However, another source may own some fields in an entry that the entry owner cannot modify.
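The ownership rule above can be enforced as a check on each proposed change before it is applied to the central directory. The following is an added example, not LDSU code or configuration; the source names (`hr`, `pbx`, `mailsys`), the subtree, and the `Change` and `check` helpers are assumptions made for illustration.

```python
# Added illustration of entry and field ownership; not LDSU code or configuration.
from dataclasses import dataclass, field

# Constructed policy: the source that owns entries under each subtree, and
# fields owned by a source other than the entry owner.
ENTRY_OWNERS = {"ou=people,o=example": "hr"}
FIELD_OWNERS = {"telephonenumber": "pbx", "mail": "mailsys"}

@dataclass
class Change:
    source: str   # data source proposing the change
    op: str       # "add", "delete" or "modify"
    dn: str       # entry the change targets
    fields: dict = field(default_factory=dict)  # attribute -> new value

def entry_owner(dn):
    """Owner of the longest matching subtree, or None if nobody owns it.
    Simplification: lower-cased suffix match, no full DN normalization."""
    dn = dn.lower()
    hits = [s for s in ENTRY_OWNERS if dn == s or dn.endswith("," + s)]
    return ENTRY_OWNERS[max(hits, key=len)] if hits else None

def check(change):
    """Return (ok, allowed_fields, reasons); ok means the operation may be
    applied using only allowed_fields."""
    owner = entry_owner(change.dn)
    where = f"{change.op} {change.dn}"
    if owner is None:
        return False, {}, [f"{where}: no owner defined for this subtree"]
    if change.op not in ("add", "delete", "modify"):
        return False, {}, [f"{where}: unknown operation"]
    if change.op in ("add", "delete") and change.source != owner:
        return False, {}, [f"{where}: only '{owner}' may {change.op} entries"]
    if change.op == "delete":
        return True, {}, []
    allowed, reasons = {}, []
    for name, value in change.fields.items():
        field_owner = FIELD_OWNERS.get(name.lower(), owner)
        if field_owner == change.source:
            allowed[name] = value
        else:
            reasons.append(f"{where}: field '{name}' is owned by '{field_owner}'")
    # An add by the entry owner proceeds even if foreign-owned fields were dropped.
    return (change.op == "add" or bool(allowed)), allowed, reasons
```

Logging the returned reasons for every rejected field gives a record of sources that attempt to write data they do not own.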
After obtaining the answers to the above questions, the next step is to produce a design document that details the data flow and has detail down to the field names for each synch. This will then allow all the LDSU instances to be quickly configured from this information.
The final piece of planning is determining the timing of the directory synchronization.
Another advantage to using a central directory is that the timing of each individual synch can be controlled in one spot. Usually a master command file will kick off all the data imports which come into the central directory and then the data exports out of the central directory. What still has to be determined is the order of the synchs, whether synchs can be run in parallel or in series, and whether external events need to be waited on.
Copyright © Digital Equipment Corporation 1998