The Directory Standards Debate

As if designing applications for different operating systems wasn't difficult enough, developers are now being called on to tweak their applications toward specific directory structures.

As if designing applications for different operating systems wasn't difficult enough, developers are now being called on to tweak their applications toward specific directory structures. This move is going against the grain, creating disparity in an industry that is looking to provide administrators with an all-in-one metadirectory.

Lightweight Directory Access Protocol (LDAP) has gone a long way in providing a standard: Directories such as Novell Directory Services from Novell Inc., Windows 2000 Active Directory from Microsoft Corp. and others have agreed to adopt it.

But many in the IT industry feel LDAP isn't enough to protect directories in heterogeneous environments. Thus, the Directory Interoperability Forum ( was formed. Members include IBM Corp., Novell, Oracle Corp., Data Connection Ltd. (DCL), Lotus Development Corp. and Isocor Ltd. The founding members are joined by supporters such as Cisco, AT&T, Lucent and others. The obvious absentee is Microsoft.

The forum will support standards bodies such as the Internet Engineering Task Force (IETF,, which developed LDAP; the World Wide Web Consortium (W3C,, which is working on XML; and The Open Group (, which will perform certification testing and conformance evaluations.

Forum members hope their joint efforts will spur ISVs to commit to open standards. The objective, says Art Olbert, vice president of business development at IBM's network computing software division, is to develop APIs that developers can write to that guarantee them their applications will work across directory structures. "The end result will be very rapid expansion of the marketplace," Olbert says.

According to Olbert, Microsoft has an open invitation to join the forum. Peter Houston, Microsoft’s product manager for Windows 2000 Active Directory, says Microsoft remains committed to LDAP and directory synchronization. The company will wait to see how things shake out before it decides to join or stay away from the forum.

Microsoft encourages developers and ISVs to use the Active Directory Service Interface (ADSI), a set of COM libraries that can be used to access Active Directory and other LDAP version 3-based directories, including NDS. ADSI reduces the lines of code developers have to write, using Visual Basic, C++ or Java and the SQL database language to perform the same actions as if they were writing for pure LDAP. Microsoft also provides support classes that are designed to simplify common directory programming tasks.

As an OLE DB provider, ADSI also allows developers to use ADSI indirectly via an ActiveX Data Object/OLE DB SQL-style interface to access directory data. Under the covers, ADSI then connects to the directories, letting database programmers access directories without having to understand LDAP, Houston explains.

Microsoft offers a separate LDAP API for Active Directory, although company literature describes the approach as a "lowest common denominator."

"They have their own API with ADSI, and if you live in an NT World then it works," says Rick Villars, vice president of network software research at International Data Corp. (IDC, "If you want to live in the world of the Internet and Unix and other platforms, then you need to have another method."

The Directory Interoperability Forum is hoping to provide that method from its work with the standards bodies. But it won't be easy, Villars says. The vendors in the forum have to find interoperability and compliance in every type of application from network sign-ons to global e-mail address books.

Villars expects it will be difficult for Microsoft to sustain ADSI developers, as well. ADSI has to have enough features that everyone wants, it must create a pool of developers dedicated to building applications with ADSI and Microsoft needs customers willing to remain primarily on Windows NT/2000.

Both camps face an uphill climb, Villars says. "If you can get enough developers to buy into [the Directory Interoperability Forum] for business applications and everything else, then you can build a foundation where people will write to it because it makes good business sense. And Microsoft faces the same challenge on its side."

Must Read Articles