The present invention relates generally to directory services, and more particularly, to a system and method that allows an application to utilize different implementations of directory services.
Directory services play an important role in helping users locate resources on a network. The need for this function has grown along with the growth in the size of networks. Lightweight Directory Access Protocol (LDAP) is an Internet Engineering Task Force (IETF) open standard that provides directory services to applications ranging from e-mail systems to distributed system management tools. LDAP is a protocol that is based on a client-server model in which a client makes a TCP/IP connection to an LDAP server, sends requests, and receives responses. LDAP allows applications and users to access information from many diverse directories. For example, Web servers need to look up a user's access control rights before serving that user a Web page. Messaging servers need to know where a user's mailbox is located so that they can route e-mail correctly. Web proxies and firewalls need to authenticate users before allowing them onto the public Internet. LDAP defines operations for interrogating and updating the directory. Operations are provided for adding and deleting an entry from the directory, changing an existing entry, and changing the name of an entry. An LDAP query request permits a portion of the directory to be searched for entries that match certain criteria specified by a search filter. Information can be requested from each entry that matches the criteria.
The LDAP information model is based on an entry which contains information about an object. An entry is a collection of attributes that has a name, called a distinguished name (DN), which is a unique reference for that entry. In LDAP, directory entries are arranged in a hierarchical tree-like structure. A set of object definitions and their associated attributes is known as a schema. Currently there is no standardization of schema attributes; thus each directory server vendor has been left to develop its own schema. Therefore, an application schema used for one directory server often has to be modified to work with a different directory server. Furthermore, in order to replicate or synchronize LDAP data on one server to another server of a different vendor, the schema often has to be modified. In order to use an application with different directory servers, the application code typically has to be modified. Thus, every time an application has to operate with a new directory server, the code has to be modified.
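The portability problem described above can be seen in a small in-memory model of an LDAP subtree search. This is an added example, not code from the patent: the entries, DNs and function names are constructed for illustration, and the two attribute names are the login attributes of the inetOrgPerson schema (`uid`) and of Active Directory (`sAMAccountName`).

```python
# Constructed sample entries: the same user as two vendors' schemas name it.
SERVER_A = {
    "uid=jdoe,ou=people,dc=example,dc=com": {
        "objectClass": ["inetOrgPerson"], "uid": ["jdoe"],
        "mail": ["jdoe@example.com"]},
    "ou=people,dc=example,dc=com": {"objectClass": ["organizationalUnit"]},
}
SERVER_B = {
    "cn=John Doe,cn=users,dc=example,dc=com": {
        "objectClass": ["user"], "sAMAccountName": ["jdoe"],
        "mail": ["jdoe@example.com"]},
}

def in_subtree(dn, base):
    """True if dn is the base entry itself or lies beneath it in the tree."""
    d, b = dn.lower(), base.lower()
    return d == b or d.endswith("," + b)

def search(directory, base, attr, value, wanted):
    """Subtree search for entries where `attr` equals `value`.

    Returns (dn, {requested attributes}) pairs, mirroring an LDAP search
    that asks for specific attributes of each matching entry."""
    hits = []
    for dn, entry in directory.items():
        if not in_subtree(dn, base):
            continue  # outside the searched portion of the directory
        attrs = {k.lower(): v for k, v in entry.items()}  # names ignore case
        if value.lower() in (v.lower() for v in attrs.get(attr.lower(), [])):
            hits.append((dn, {w: attrs.get(w.lower(), []) for w in wanted}))
    return hits

def find_mail(directory, login_attr, login):
    """Application lookup; `login_attr` is the schema-specific part."""
    hits = search(directory, "dc=example,dc=com", login_attr, login, ["mail"])
    return hits[0][1]["mail"] if hits else None

if __name__ == "__main__":
    print(find_mail(SERVER_A, "uid", "jdoe"))             # works on server A
    print(find_mail(SERVER_B, "uid", "jdoe"))             # same code finds nothing
    print(find_mail(SERVER_B, "sAMAccountName", "jdoe"))  # needs a code change
```

A lookup that silently returns nothing after a directory migration is also an authorization concern: callers must treat "no entry" as deny rather than falling through to a default.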
There is, therefore, a need for a system and method that allows an application to obtain data from different directory servers without having to modify application code.