Messaging and Directory Server software used around the world in the Government, Military, Aviation and Commercial sectors.

isode.com / partner overview / isode partners / symlabs /

Partnering with a Technology Leader

LDAP Proxy from Symlabs

LDAP Proxy from Isode partner Symlabs, is a powerful, flexible product that can be implemented in many ways. This page describes some of it's capabilities, and shows how Symlabs LDAP Proxy can add value to directory deployments using Isode's M-Vault set of products.

Distributed Directory

Many descriptions of LDAP systems show a single LDAP server, and treat LDAP as a single server, single database system. LDAP uses a hierarchical DIT (Directory Information Tree) and the key purpose of this hierarchy was to enable an LDAP directory to be distributed amongst multiple servers. Distributing a directory is often a very good thing, as it leads to performance optimization and locality of data management. It also enables multiple directories to operate as a single coherent whole.

LDAP servers are often built, typically due to either to product deficiencies or lack of overall design/planning, in a manner that they cannot be integrated easily. Typical reasons are:

• Inconsistent DITs, that cannot be naturally linked together.
• Different attributes used for the same function. This makes life difficult for directory clients, that will not see a uniform data view.

LDAP Transformation

Symlabs LDAP Proxy is ideally suited for use as an LDAP transformation engine. It can sit in front of an LDAP directory and relay LDAP operations after first re-formatting them. In particular it can deal with DIT inconsistencies and other schema differences to effectively create the appearance of an LDAP server with all inconsistencies "corrected".

M-Vault Connector Scenario

X.500 directories are typically deployed with a DIT structure using countries and organizations. Microsoft Active Directory provides LDAP with a Domain Component (DC=) hierarchy. This makes it hard to integrate into an X.500 system using M-Vault Connector. By using Directory Extender in front of the Active Directory server, it can be made to appear like an LDAP directory supporting a country/organization style hierarchy, and thus integrated with the X.500 directory.

New Business Unit Scenario

Consider an enterprise that operates a distributed LDAP directory, that purchases another company which is operating an LDAP directory with a different (and incompatible) DIT and schema. Rather than replacing the directory in the acquired company, Directory Extender can be used to integrate this server into the existing distributed directory.