Directory Service and Synchronization Techniques

Stephen L. Arnold, Ph.D.

President, Arnold Consulting

Presented 3 November 1997 at the DECUS U.S. Chapter Symposium in Anaheim, as Session MM005.

Abstract

Most mail systems have some kind of directory services. If we only had one mail system in an organization, we wouldn't need this session. Problem is, we're all struggling trying to maintain what we have now while either piloting or migrating to something new. The only way to achieve continuity in service in this state of flux is by developing a central naming standard and using directory services. This session describes one such naming standard and how that standard was implemented using Innosoft's PMDF product.

Unless we get all of our mail systems to use the same directory service, we are faced with maintenance of multiple directories with similar information. This session reviews the techniques used to synchronize DDS, PMDF, and MS Exchange directories in one particular company's environment.

[Title and abstract by Donald Borsay, Allendale Mutual Insurance Company]

Speaker

Dr. Stephen L. Arnold is an independent consultant with over 14 years of networking experience on OpenVMS, UNIX, and IBM mainframe and midrange systems. Steve specializes in internetworking, electronic mail, and directory services.

Marching Orders!

Management has tasked you to develop organization-wide mail directory services with these characteristics:

Note: Since you are connected to the Internet, you can't use the seductive but impractical "same software for every user" strategy.

Native Electronic Mail Addresses

Used for addressing mail within a message handling system

Example: My DECUServe mailbox:

Gateway Addresses

Used for addressing mail between message handling systems

These depend on both the gateway and the user agent!

Directory synchronization is frequently used to hide gateway addresses from mail users.

Canonical (Internet) Addresses

There is no universally used directory for the Internet! Instead, we use names for mailboxes.

For my work mailbox:

Steve.Arnold@Fitchburg.WI.US

When this convention is implemented across organizational units or mail platforms, it is often called central naming. Names and the corresponding Internet native or gateway mail addresses must be gathered on a mail hub (or backbone), which is responsible for routing mail.
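The following is an added example, not code from the presentation or from PMDF: a small hub table of the kind the paragraph above describes, holding each canonical name together with the system that owns the mailbox and its native address, and mapping in both directions (canonical name to gateway or native address for inbound mail, gateway address back to canonical name so users never see it). The entries, system names and gateway address forms are constructed for illustration.

```python
"""Mail-hub address mapping for central naming (added example, not from the talk).

Each entry records the canonical Internet name, the mail system that owns the
mailbox (the same role userClass plays in an entry description file) and the
native address on that system. All entries and gateway forms are constructed.
"""
from dataclasses import dataclass

# Constructed gateway address forms, keyed by mail system. The talk notes that
# gateway addresses depend on the gateway and user agent; these are placeholders.
GATEWAY_FORMS = {
    "a1": "{native}@a1gw.acme.example",
    "exchange": "{native}@exchgw.acme.example",
    "internet": "{native}",   # already a native Internet address, no gateway
}


@dataclass(frozen=True)
class HubEntry:
    canonical: str   # central-naming address, e.g. Given.I.Surname@Unit.Org.Com
    system: str      # authoritative mail system for this mailbox
    native: str      # address as the home system knows it


class MailHub:
    def __init__(self, entries):
        self._by_canonical, self._by_gateway = {}, {}
        for e in entries:
            if e.system not in GATEWAY_FORMS:
                raise ValueError(f"unknown mail system {e.system!r} for {e.canonical}")
            key = e.canonical.lower()
            if key in self._by_canonical:
                # Two mailboxes behind one canonical name is a naming collision;
                # refuse to build the hub rather than route one of them wrongly.
                raise ValueError(f"duplicate canonical name: {e.canonical}")
            gw = GATEWAY_FORMS[e.system].format(native=e.native).lower()
            if gw in self._by_gateway:
                raise ValueError(f"duplicate gateway address: {gw}")
            self._by_canonical[key] = e
            self._by_gateway[gw] = e

    def to_gateway(self, canonical):
        """Inbound: canonical name -> address the hub delivers to, or None if unknown."""
        e = self._by_canonical.get(canonical.lower())
        if e is None:
            return None
        return GATEWAY_FORMS[e.system].format(native=e.native)

    def to_canonical(self, gateway_address):
        """Outbound: hide the gateway address behind the canonical name (None if unknown)."""
        e = self._by_gateway.get(gateway_address.lower())
        return None if e is None else e.canonical


# Constructed hub entries: one ALL-IN-1 user, one Exchange user, one outside correspondent.
HUB = MailHub([
    HubEntry("Kelly.B.Forker@Chi.Acme.Com", "a1", "KFORKER"),
    HubEntry("Robin.Smith@Chi.Acme.Com", "exchange", "rsmith"),
    HubEntry("Outside.Contact@partner.example", "internet", "contact@partner.example"),
])

if __name__ == "__main__":
    print(HUB.to_gateway("kelly.b.forker@chi.acme.com"))
    print(HUB.to_canonical("RSMITH@exchgw.acme.example"))
```

An unknown canonical name returns None rather than a guessed address, so the hub can reject or bounce rather than misroute; matching is case-insensitive because mailbox names in practice arrive in mixed case.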

Example Directory Environment

Using ALL-IN-1 and Digital's Distributed Directory Service (DDS), Microsoft Exchange, and an Internet connection, we would like to meet objectives with directory synchronization, maintaining:

Three mail communities could require six directory exchanges. We have four, because the Internet's users cannot all be loaded into our directories!

Each "directory exchange" has three steps:

  1. Dump source to export format
  2. Clean up and massage to destination import format
  3. Load destination from import format

How many exchanges are needed if we add Lotus Notes?

Directory Synchronization Tactics

For each directory source:

  1. Dump the new source data to an interchange format.
  2. Perform any needed cleanup or transformation.
  3. For each other directory destination, either:
    Or:

Note: Steps 1-3 represent an outer loop. Step 3 is an inner loop. This problem gets bigger geometrically as we add mail systems!

PMDF Directory Tools

PMDF includes directory tools to manipulate the X.500 Directory (via LDAP), entry description files, and foreign directories:

Directories supported include:

Sample Directory Import

To import ALL-IN-1 profile entries to an EDF file for exporting to another directory or loading into the X.500 Directory, enter, for example:

    $ pmdf directory /import /a1 /rooting -
        /domain="Chicago.Acme.Com" /country=US -
        /org="Acme Corporation"

A sample entry description from ALL-IN-1:

    RootedAt=o=Acme Corporation

    cn=Kelly B Forker
    mail=Kelly.B.Forker@Chi.Acme.Com
    postalAddress=Acme Corporation $ P.O. Box 1234 $ \
        Chicago, IL 60001-1234
    userClass=a1
    uid=KFORKER
    sn=Forker
    l=Chicago
    roomNumber=14th Floor ms 52
    phone=+1 312 814 2289
    objectClass=top & quipuObject
    objectClass=organizationalPerson
    objectClass=organizationalUnit
    objectClass=person
    objectClass=newPilotPerson

The userClass attribute is automatically set up by the directory tools. We use it to keep track of the authoritative sources of entries.
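As an added example (not PMDF's code, and not from the presentation), here is a reader for entry description files in the attribute=value form shown above. It handles the backslash continuation of the postalAddress value, accumulates repeated attributes such as objectClass, and then groups uids by userClass, which is the bookkeeping the text describes for tracking authoritative sources. The first entry in SAMPLE_EDF reproduces the page's sample; the second (an Exchange user) is constructed.

```python
"""Reader for entry description files (added example, not PMDF's own code).

Parses the attribute=value format into one {attribute: [values]} dict per entry
and groups entries by userClass. SAMPLE_EDF repeats the page's sample entry and
adds one constructed Exchange entry.
"""


def _logical_lines(text):
    """Join physical lines: a trailing backslash continues the value on the next line."""
    buf = None
    for raw in text.splitlines():
        piece = raw.rstrip()
        if buf is not None:
            piece, buf = buf + piece.strip(), None
        if piece.endswith("\\"):
            buf = piece[:-1].rstrip() + " "
            continue
        yield piece
    if buf is not None:
        yield buf.rstrip()


def parse_edf(text):
    """Return (rooted_at, entries). Blank lines separate entries; repeated
    attributes such as objectClass accumulate; values are kept verbatim, so
    'top & quipuObject' stays one value (no meaning for '&' is assumed here)."""
    rooted_at, entries, current = None, [], {}
    for line in _logical_lines(text):
        if not line.strip():
            if current:
                entries.append(current)
                current = {}
            continue
        attr, sep, value = line.partition("=")
        if not sep:
            raise ValueError(f"malformed EDF line: {line!r}")
        attr, value = attr.strip(), value.strip()
        if attr == "RootedAt" and not entries and not current:
            rooted_at = value   # file header naming the root of the entries
            continue
        current.setdefault(attr, []).append(value)
    if current:
        entries.append(current)
    return rooted_at, entries


def uids_by_class(entries):
    """Map userClass -> sorted uids: which source is authoritative for which entry."""
    out = {}
    for e in entries:
        for cls in e.get("userClass", ["(none)"]):
            out.setdefault(cls, []).append(e.get("uid", ["?"])[0])
    return {cls: sorted(uids) for cls, uids in out.items()}


SAMPLE_EDF = """RootedAt=o=Acme Corporation

cn=Kelly B Forker
mail=Kelly.B.Forker@Chi.Acme.Com
postalAddress=Acme Corporation $ P.O. Box 1234 $ \\
    Chicago, IL 60001-1234
userClass=a1
uid=KFORKER
sn=Forker
l=Chicago
roomNumber=14th Floor ms 52
phone=+1 312 814 2289
objectClass=top & quipuObject
objectClass=organizationalPerson
objectClass=organizationalUnit
objectClass=person
objectClass=newPilotPerson

cn=Robin Smith
mail=Robin.Smith@Chi.Acme.Com
userClass=exchange
uid=RSMITH
sn=Smith
objectClass=person
"""


def demo():
    """Parse the sample and report uids per authoritative source."""
    rooted_at, entries = parse_edf(SAMPLE_EDF)
    return rooted_at, entries, uids_by_class(entries)


if __name__ == "__main__":
    print(demo()[2])
```

Malformed lines (no "=") raise rather than being skipped, so a corrupt dump is noticed at step 2 (cleanup) instead of silently loading partial entries at step 3.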

Directory Strategies

Terminology for this session:

An Alternative Solution

Using ALL-IN-1 and DDS, Microsoft Exchange, and an Internet connection, we might instead meet objectives with a distributed (X.500) directory:

Three mail communities could require three X.500 loads. We only have two, because the Internet's users cannot all be loaded into our X.500 directory!

Each X.500 load has the same three steps required by a directory exchange.

Additional benefits from the X.500 approach:

Exercise: How many exchanges if we add Lotus Notes?

Distributed Directory Tactics

For each directory source:

  1. Dump the new source data to an interchange format.
  2. Perform any needed cleanup or transformation.
  3. Dump the old source data from the master directory to interchange format.
  4. Compute the deltas to get from old data to the new data.
  5. Apply the deltas to the master directory.

Note: Steps 1-5 represent the only loop. There is no inner loop. This problem gets bigger linearly as we add mail systems.
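Steps 3 through 5 above, as an added example that is not part of the presentation: the entries are {attribute: [values]} dicts keyed by uid, the shape a parsed entry description file yields, and userClass marks the authoritative source. The delta step compares the old dump (what the master holds for this source) with the new one; the apply step only lets a source create, change or delete entries that carry its own userClass, so a bad or stale dump from one mail system cannot overwrite or remove entries owned by another. All directory data, uids and the conflict scenario are constructed.

```python
"""Delta computation and guarded load of a master directory (added example,
not from the talk). Entries are {attribute: [values]} dicts keyed by uid;
userClass marks the authoritative source. All data here is constructed.
"""


def index_by_uid(entries):
    """Key entries by uid; missing or duplicate uids make a dump unusable for sync."""
    out = {}
    for e in entries:
        uid = e.get("uid", [None])[0]
        if uid is None or uid in out:
            raise ValueError(f"missing or duplicate uid: {uid!r}")
        out[uid] = e
    return out


def compute_deltas(old_entries, new_entries):
    """Step 4: adds, deletes and per-attribute modifies between two dumps of one source."""
    old, new = index_by_uid(old_entries), index_by_uid(new_entries)
    modifies = {}
    for uid in sorted(old.keys() & new.keys()):
        changed = {a: (old[uid].get(a), new[uid].get(a))
                   for a in sorted(old[uid].keys() | new[uid].keys())
                   if old[uid].get(a) != new[uid].get(a)}
        if changed:
            modifies[uid] = changed
    return {"add": sorted(new.keys() - old.keys()),
            "delete": sorted(old.keys() - new.keys()), "modify": modifies}


def apply_deltas(master, new_entries, deltas, source_class):
    """Step 5: apply one source's deltas to master (uid -> entry); return conflicts.
    Only entries carrying the source's own userClass may be created, changed or
    deleted, so one system's dump cannot overwrite or remove another's entries."""
    new, conflicts = index_by_uid(new_entries), []

    def owned(uid):
        return master.get(uid, {}).get("userClass") == [source_class]

    for uid in deltas["add"]:
        if new[uid].get("userClass") != [source_class]:
            conflicts.append((uid, "new entry lacks the source's userClass"))
        elif uid in master:
            conflicts.append((uid, f"uid already owned by {master[uid].get('userClass')}"))
        else:
            master[uid] = {a: list(v) for a, v in new[uid].items()}
    for uid in deltas["delete"]:
        if owned(uid):
            del master[uid]
        else:
            conflicts.append((uid, "delete skipped: not owned by source"))
    for uid, changes in deltas["modify"].items():
        if not owned(uid):
            conflicts.append((uid, "modify skipped: not owned by source"))
            continue
        for attr, (_old, new_val) in changes.items():
            if new_val is None:
                master[uid].pop(attr, None)
            else:
                master[uid][attr] = list(new_val)
    return conflicts


def sync_source(master, source_class, new_entries):
    """Steps 3-5 for one source: the old data is whatever master holds for that source."""
    old_entries = [e for e in master.values() if e.get("userClass") == [source_class]]
    deltas = compute_deltas(old_entries, new_entries)
    return deltas, apply_deltas(master, new_entries, deltas, source_class)


def entry(uid, user_class, **attrs):
    """Build a constructed entry in the {attribute: [values]} shape."""
    e = {"uid": [uid], "userClass": [user_class]}
    e.update({k: [v] for k, v in attrs.items()})
    return e


def demo():
    """Constructed master (two ALL-IN-1 entries, one Exchange) and a new ALL-IN-1 dump."""
    master = index_by_uid([
        entry("KFORKER", "a1", cn="Kelly B Forker", phone="+1 312 814 2289"),
        entry("PLEE", "a1", cn="Pat Lee"),
        entry("RSMITH", "exchange", cn="Robin Smith"),
    ])
    new_a1_dump = [
        entry("KFORKER", "a1", cn="Kelly B Forker", phone="+1 312 555 0100"),  # changed phone
        entry("JDOE", "a1", cn="Jo Doe"),                                        # new user
        entry("RSMITH", "a1", cn="Robin Smith"),   # claims a uid the Exchange source owns
    ]
    deltas, conflicts = sync_source(master, "a1", new_a1_dump)
    return master, deltas, conflicts


if __name__ == "__main__":
    _, d, c = demo()
    print(d, c)
```

In the demo, the ALL-IN-1 dump adds one user, drops one, changes one phone number, and also presents a uid that the Exchange source owns; the first three are applied and the fourth is returned as a conflict for an administrator to resolve, leaving the Exchange entry untouched.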

OSI Identifier Registration

To participate in X.500, obtain these identifiers from ANSI:

Total cost: $3000. Waiting time: 90-120 days.

Don't worry about challenges. There have never been any!

Smaller organizations may register in the Internet White Pages under their corporation name at no charge.

(The examples are hypothetical. Arnold Consulting is a "smaller" organization, and not registered with ANSI. Its entry in the Internet white pages is under Wisconsin, its state of incorporation.)

Recommendations

For medium and large organizations:

Thank you!

Steve Arnold, Ph.D., President
Arnold Consulting
2530 Targhee Street, Fitchburg, Wisconsin 53711-5491
Telephone: +1 608 278 7700
Facsimile: +1 608 278 7701

Steve.Arnold@Fitchburg.WI.US
http://WWW.Arnold.US

This page was last updated 27 May 2013.


Copyright Arnold Consulting, 1995-1997. All rights reserved, except you may download this page to view it, and you may print a single copy for personal use. Some of the names here are trademarks of others.
SLA