1. Technical Field
The present invention relates to directory based applications and, in particular, to the Lightweight Directory Access Protocol. Still more particularly, the present invention provides a method, apparatus, and program for rapid integration for directory based applications.
2. Description of Related Art
Considerable time and effort is spent integrating products that are written independently. This may translate into delay in integrated product deployment, and, consequently, customer dissatisfaction and loss of opportunity may result.
A large number of applications use Lightweight Directory Access Protocol (LDAP) directories to store data, typically identity data. For example, one application may store its users as an LDAP inetOrgPerson, while another application may store its users as a custom LDAP object.
LDAP is a protocol used to access a directory listing. LDAP support is implemented in Web browsers and e-mail programs and can query a LDAP-compliant directory. More particularly, LDAP is a simplified version of the Directory Access Protocol (DAP), which is used to gain access to X.500 directories.
Since two or more applications may store semantically equivalent data in separate directories, they may be candidates for integration. Sharing repository objects is a fundamental approach for integration. Sharing of repository objects guarantees that the logical view will be identical at all times. A common data model unifies the applications and solves problems that integration poses. This is a long-term solution that requires substantial investment and development effort.
Alternatively, it is possible to use a virtual directory to map LDAP objects from one object class to another so that an object stored in the repository of a first object class can be read through a virtual directory as a second object class. Thus, it is possible to store identity information in a first application format and use an auxiliary data store to perform vertical joins with the application data to produce objects in a second application format dynamically. However, LDAP servers have read-mostly usage characteristics and are optimized as such. The virtual directory remains in the crucial path of applications impacting performance by possibly performing vertical joins for every operation.
In another approach, applications may maintain their own repositories. Changes from one repository may be detected and propagated to another repository and vice versa by a meta-directory. Changes are detected in the meta-directory by using a LDAP change log. This is not a portable solution because change log format for every LDAP vendor may be different. Customers may not want to enable change log on their enterprise directory server because doing so affects performance. Also, the change log notification only happens after the fact.
LDAP supports change notification through asynchronous LDAP searches. The client is responsible for obtaining initial state of the object. This approach is not very versatile. The LDAP standard includes functionality for requesting pre-operation notifications; however, each vendor implements this functionality differently.
Therefore, it would be advantageous to provide an improved mechanism for rapid integration for directory based applications.