NDS eDirectory 8.5: A Detailed Overview

Articles and Tips: article

01 Nov 2000

NDS eDirectory is the foundation of the Directory Enabled Net Infrastructure Model (DENIM). It provides the foundation for all Net services built on the DENIM framework. The release of NDS eDirectory 8.5 in October 2000 provides numerous new features and benefits that make it the ideal platform for building directory- enabled applications and eBusiness solutions.

This AppNote is adapted from product descriptions and other documents found on Novell's World Wide Web site.

Introduction
Benefits of eDirectory 8.5
Hardware Requirements
Summary of New Features
Conclusion

Introduction

NDS eDirectory 8.5 is a full-service, platform-independent directory that serves as the foundation for myriad directory-enabled services. The number of directory-based applications is rapidly increasing, many of which provide crucial e-business functionality such as automated business-relationship management, supply-chain management, and electronic store fronts. Other services that directory-enabled products can provide include automated provisioning, enhanced security, customer profiling, electronic wallets, automated notification systems, customized Web interfaces, and virtual private networks (VPNs).

Application service providers (ASPs), Internet service providers (ISPs), software developers, and other companies that aggressively compete in the Internet economy have made eDirectory their directory of choice, including Business Layers, CNN, PeopleSoft, Red Hat, Sun Microsystems, and Xircom. eDirectory 8.5 is also the foundation for several Novell solutions such as Certificate Server, DirXML, eGuide, iChain, Net Publisher, and Single Sign-on.

A recent report by the Aberdeen Group emphasizes that "today's directory must at least be extensible (able to maintain in-depth, hierarchically linked information about a range of 'objects'--people, devices, applications, resources, and services); portable (able to work with multiple operating systems and applications); and scalable (able to maintain information on thousands of objects in the same directory)" ("Directory-Guided IT: A Planning Manifesto," Feb. 5, 1999). NDS eDirectory 8.5 meets the first two criteria exactly and it far exceeds the third. Its extensible schema and hierarchical tree structure allow you to include and manage nearly any type of object, its native Lightweight Directory Access Protocol (LDAP) support guarantees compatibility with other LDAP-based applications, and it scales to not only thousands of objects but to more than one billion.

This latest version of Novell Directory Services (NDS) powers e-businesses running on NetWare, Windows 2000, Windows NT, Solaris, and Linux networks, and support for Compaq Tru64 UNIX is planned for later in the year 2000. New features in eDirectory 8.5--including DNS federation, filtered replication, and NDS iMonitor--give you additional tools for optimal directory operation and management. The advantages of providing your network with robust, scalable directory services, though already tremendous today, will only increase exponentially as demand for e-business functionality grows and vendors create solutions to fill it.

Benefits of eDirectory 8.5

NDS eDirectory 8.5 provides the following customer benefits:

Enjoy the most fully developed and powerful directory service available
Lay the foundation for electronic commerce
Deploy directory-enabled applications
Access resources with a single login
Scale to any size directory
Keep your network resources secure
Protect your current investment in hardware and software
Reduce the cost of network computing
Enjoy superior schema flexibility
Support open standards
Easily manage your directory
Easily customize your directory to reflect your organization
Reduce network downtime
Use easy and fast application-development tools

Enjoy the Most Fully Developed and Powerful Directory Service Available

NDS has been in development for more than a decade, during more than half of which people have repeatedly proven its value. By far the most widely developed directory service in the world and employed by more than 80 million users to access the services on their networks, NDS eDirectory 8.5 is flexible, extensible, and powerful enough to be the directory for global networks. Many of the world's most successful companies from every business sector use it as the backbone of their networking operations. National Public Radio, CNN, and British Telecommunications have all chosen to use NDS to directory-enable their networks.

Lay the Foundation for Electronic Commerce

eDirectory 8.5 is the only directory that eliminates the barrier between Internet, intranet, and extranet resources. You can gain control of critical e-business processes by extending the reach of your existing infrastructure to your employees, customers, and supply-chain partners.

DNS Federation. With version 8.5 you have the option of installing your NDS trees as DNS trees; that is, the naming convention used for your NDS trees will be the DNS naming convention. When you and your partners install DNS-based NDS trees, you will be able to manage users in your partners' trees as easily as you manage your own--and vice versa. For example, if you want to give a user in your supplier's organization access rights to a database on your organization's LAN, you can do so without creating a new user object for that user. Instead, you can directly grant the user rights to the database using the user object on your supplier's tree.

Unified Architecture. Other Novell technologies are built using eDirectory as the fundamental architecture, including Certificate Server, DirXML, eGuide, iChain, Net Publisher, and Single Sign-on. With DirXML, for example, you can synchronize the information in all of your network directories. This ensures that your employees, customers, and partners are accessing consistent information. In addition to being the core DirXML directory, NDS eDirectory 8.5 provides DirXML with new interfaces, a more reliable delivery mechanism for the event system, and the ability to use filtered replication. (For more information, see the DirXML site at http://www.novell.com/ products/nds/dirxml/quicklook.html.)

Deploy Directory-Enabled Applications

With eDirectory 8.5 you can take advantage of directory-enabled applications that transform your traditional "brick and mortar" business into a thriving "click and mortar" e-business. The following are a few advantages available to directory-enabled e-businesses.

Customer Profiling. As customers browse through your Web site, directory-enabled applications can collect three important kinds of data: observed information --what users reveal through their patterns of movement through the site; stated information--gathered from surveys and profiles; and transactional information-- purchase patterns and so on. With this information stored in eDirectory 8.5, you can tailor your offerings and services to each customer and supply-chain partner, thereby improving their business experience with you.

Figure 1 shows how to apply profile information to customize how a customer sees your Web site. If a user named Leslie Hughes enters the Web site HousePlants.com and begins to browse, special applications record where she goes, what she does, and how long she stays on each page. This information is then stored in eDirectory 8.5, where an application can retrieve it to create a personalized Web page. Next time Leslie calls up HousePlants.com, your Web page's presentation emphasizes those elements in which she is most interested.

Figure 1: eDirectory 8.5 can store information used for customer profiling.

Supply-Chain Management. Figure 2 shows how you can improve communication between your business, your customers, and your suppliers.

Figure 2: A notification system can automatically alert your supplier when you need another shipment.

If you manufacture fluorescent lights for construction wholesalers, you need to ship the right number of lights at the right time while at the same time maintain an adequate supply of glass tubing, gas, and electrical components for your own manufacturing processes.

With eDirectory-enabled software, you can grant your suppliers access to your materials inventory database so that they will know instantaneously when your supplies are low and how much you require. At the same time, you can link to your customers' inventory databases to stay on top of their requirements. Because of eDirectory's superior security protocols, you will not need to worry that your suppliers get access to more information than they need, nor will your customers need to grant you rights to more than what you require.

Automated Provisioning. When a new employee is hired at your company, that employee's first few hours--or days--are occupied primarily with getting things set up: the office or cubicle, hardware and software, ID card, network passwords, network rights assignments, voice and e-mail accounts, payroll, and so on. Getting this new employee's provisions together can be complicated and time consuming, and it is not unusual for some of the provisioning to fall through the cracks.

Figure 3 shows how you can automate the provisioning process using directory- enabled software: the employee's data is entered in one central location and is then transmitted to the relevant departments. You can therefore have everything ready for that new employee when he or she walks in the door the first day. And when someone leaves the company, you can revoke all accounts, network rights, and passwords as easily as they were created.

Figure 3: Provisioning software relies on directory technology to send the right information to the right place.

Accelerated Business Processes. One of the most significant properties of eDirectory 8.5 is that it can automatically update directories on other companies' networks. Figure 4 shows how this feature can accelerate complex business processes. For example, Passenger Bryan Robinson is going to Chicago on business. He is scheduled to depart on Flight 736 out of Salt Lake City. He has a reservation at a hotel near downtown Chicago, and he will be renting a mid-sized car. Unbeknownst to him, Flight 736 has been cancelled due to foggy conditions at O'Hare--a fact he will not know until he arrives at the airport. A call to his travel agent sets the wheels in motion to change his itinerary, but given that everyone flying into O'Hare also needs a reassignment, his agent is likely to get more busy signals than results. Mr. Robinson resigns himself to a long wait and possibly a missed meeting.

Now rewind the scenario and play it again, this time with directory-enabled networks in place (see Figure 4).

Figure 4: A passenger's cancelled flight can be easily and quickly rescheduled with directory-enabled software.

When flight status on Flight 736 is updated to "cancelled," the reservation service automatically notifies Mr. Robinson's travel agency's computer, which immediately queries other airline directories for an alternative flight. Another airline reservation system indicates that Flight 1785, which goes to fog-free Midway airport, has seats available. Because the directory at the second airline lists Mr. Robinson as a platinum frequent-flyer passenger, he gets first-class seating. With the flight information updated, the travel agency service contacts the car rental agency's computer, transfers Mr. Robinson's reservation for a mid-sized car from O'Hare to Midway, and draws up new directions to the hotel with a reading from a global positioning satellite. The service at the travel agency simultaneously updates Mr. Robinson's record in the hotel's directory to show late arrival. As soon as Mr. Robinson's new itinerary has been fully updated, the new information is sent to his pager while he is en route to the airport. Instead of frustration and inconvenience from the cancelled flight, there is no waiting, no hassle, and no missed meeting.

Directory-Enabled Applications. The following table lists some of the products that leverage eDirectory.

Category	Applications
Automated Provisioning	Business Layers eProvision Employees
Customized Web Sites	Bowstreet Web Automation FactoryenCommerce getAccessEprise Participant Server
Supply-Chain Management	Netfish XDI systemwebMethods B2B Product Suite
E-Commerce	TRADE'ex DistributorVerix eSales
Dynamic Document Publication	Novell Net PublisherEprise Participant ServerJetForm product familyNetObjects Authoring Server Suite
User Management Systems	Netegrity SiteMinder
Network Management Systems	Novell ZENworks for DesktopsNetwork Associates Zero Administration Client Suite
Virtual Private Networks	Indus River Networks RiverWorks Enterprise VPN
Sharable Address Books	Nexal NexCard
Enterprise Work Management	Novell GroupWiseMetastorm e-work

Access Resources with a Single Login

Because of eDirectory's powerful authentication services, your customers and partners will not need to log in more than once to access resources on your network. For example, when users at your supplier's company log on to their own network via eDirectory 8.5, they will not need to log on again when accessing those parts of your directory to which they have rights.

Scale to Any Size Directory

In March 1999 Novell demonstrated eDirectory with one billion objects in the directory tree--a new bar for directory scalability. Even more impressive, Novell demonstrated eDirectory performing LDAP searches with subsecond speed. Therein lies the power of eDirectory 8.5: even at large capacities, it performs with great speed. Organizations that deploy eDirectory 8.5 can be confident the infrastructure will support growth with consistent performance.

With virtually unlimited capacity, eDirectory 8.5 allows you to extend your directory infrastructure to the Internet, bringing your customers, partners, and suppliers online. In fact, eDirectory 8.5 can manage more than five times the number of users as there are on the Internet today. This unlimited scalability is invaluable to ISPs and Internet customers who are constantly capturing and managing enormous amounts of data in a central location. eDirectory 8.5 helps enterprise customers build the infrastructure required for e-business.

Keep Your Network Resources Secure

eDirectory 8.5 offers superior security features. It protects access to the network by requiring users to authenticate to it when they log on. eDirectory provides flexible user authentication support ranging from passwords encrypted over Secure Sockets Layer (SSL) to X.509v3 certificates and smart cards. The login authentication service is based on the public-key/ private-key encryption technology developed by RSA Data Security, Inc., which relies on a private key and digital signature to verify the user's identity. Once the user is authenticated to the network, further authentication (which is required when a user makes a request to a different server) is handled in the background by eDirectory and thus is transparent to the user.

With eDirectory 8.5 you can create a secure environment by providing the scalability, reliability, and universal access necessary to properly manage digital certificates, cryptography, authentication, and other security technologies. eDirectory has open-standard security services--establishing Novell as the leading provider of directory-based network security. eDirectory security components include:

Novell International Cryptographic Infrastructure (NICI). The first international cryptographic infrastructure that developers can leverage to receive the appropriate level of encryption for their application (based on the region of the world where the application will be used) without embedding cryptography in the application.
Secure Authentication Services (SAS). A modular authentication framework that provides next-generation authentication services; SAS currently provides SSLv3 support.

Protect Your Current Investment in Hardware and Software

eDirectory 8.5 is a truly cross-platform global directory that will operate on NetWare, Windows 2000, Windows NT, Sun Solaris, and Linux, thus ensuring compatibility with your customers' and partners' current systems. In the year 2001, eDirectory 8.5 will also run on Compaq Tru64 UNIX.

LDAP Support. eDirectory 8.5 features an improved native implementation of LDAPv3 running over SSL, which provides fast searches, auxiliary classes, referrals, and controls. Such strong LDAP support provides an open structure for applications and developers and simple integration with applications that are written to this Internet standard. To this end, Novell has released the Novell LDAP Libraries for C, a software developer kit (SDK) that makes developing to LDAP and eDirectory easy and practical.

Reduce the Cost of Network Computing

A recent white paper by International Data Corporation found that the three-year return on investment (ROI) for companies that use NDS averages 210 percent. By centralizing management and simplifying tasks such as password administration, adding and deleting users, changing user configuration and access rights, and handling application installation and upgrades, companies both large and small report gains of 20 to 30 percent in IT staff operational efficiency. Staff needed to administer servers, desktops, and applications was reduced by an average of 33 percent, and the need for system administrators to travel to remote locations was virtually eliminated.

Increased Network Efficiency using Standard and Filtered Replication. With the standard replication features in eDirectory 8.5 you can ensure optimum network performance. Figure 5 shows how you can divide the directory into partitions and distribute replicas of these partitions to distant servers, placing resources closer to users who need them. Because users will not have to access a central database each time they log in to the directory, authentication and access to data is almost immediate.

A replicated directory increases reliability: when a copy of the directory is placed on every server in the partition, directory services will be available when a server goes down or if a link is accidentally severed. eDirectory 8.5 enables you to construct a system where server failure, maintenance, or temporary loss of a communication link will not affect your users' access to directory services and directory-enabled applications.

Figure 5: Users can authenticate to their local partition of eDirectory 8.5 instead of authenticating across an expensive WAN link.

New in eDirectory 8.5, filtered replication enables you selectively copy and distribute any part of a partition, including objects and their attributes. Filtered replicas are generated by a replication filter that you create in eDirectory 8.5. Creating the filter is an easy process: you simply select the object classes and attributes that you want the filter to accept. Once the filter is created, you select a partition or set of partitions to filter and determine whether you want either a read-write filtered replica or a read-only filtered replica.

Benefits of filtered replication include reducing the amount of information stored in a particular NDS database and being able to tailor the information to a particular audience. For example, Credit Card Company XYZ's customer service department has an application that manages customer information. The application runs on a server that receives both real replicas and updates to attributes that are not desired for the application. Because the customer service representatives only need access to account information--not individual credit ratings or credit application criteria--administrators can set up a filter to create a replica that holds only account information. This decreases the size of the local NDS database and improves the speed with which representatives access information.

Reduced Hardware Costs. It is not necessary to purchase a new server to store a backup copy of each partition; instead, you may store copies of several partitions on one server.

eDirectory 8.5 takes up little disk space and is equally conservative with regard to bandwidth usage across the network. Partitioning across wide area network (WAN) links and sending only directory changes to replicas are only a few of eDirectory's features that help you economize on hardware resources.

Enjoy Superior Schema Flexibility

eDirectory 8.5 includes a robust default schema; nevertheless, you can extend the default schema to customize the database to fit your needs. For example, you can extend a user object by adding new attributes such as a Social Security Number or an emergency contact name and telephone number. Independent software vendors (ISVs) can also integrate new services into the network by extending the schema and creating new objects. For example, ISVs have added fax server functionality to the network by adding a fax server object to the directory tree.

Support Open Standards

Novell is committed to the open standards movement, which seeks to achieve compatibility between vendors' products through common, public-domain standards. The opposite paradigm, proprietary standards, would limit companies to one vendor's offerings, thereby achieving compatibility within an organization's network while jeopardizing compatibility with their customers, suppliers, and partners.

eDirectory 8.5, based on the X.500 international standard for directory hierarchy, supports more Internet protocols and de facto standards than any other directory:

ActiveX
Bindery
DHCP/BOOTP
DNS
HTTP
IETF dial-in
Java
LDAPv3
NCP
NDAP
NT Domains
ODBC
PKI
PKCS10
RADIUS
SMB
SSLv3
X.509
XML
and others

Easily Manage Your Directory

NDS eDirectory is the industry's most easily managed directory. To enjoy this same ease in managing mixed-platform networks, use Novell Account Management 2.1. (See the Novell Account Management product description online at http://www.novell.com/products/nds.)

Easy Object Management. When Eva is transferred from Accounting to Human Resources, you can move her object from one organizational unit (OU) to another in one quick, drag-and-drop operation. No need to delete her object from one OU and recreate it in another, and no worry that her information will become lost in the transfer--her e-mail account and password will remain intact and she will still be able to access her personal network folder. Her object will also automatically acquire all the rights assigned to the new OU: whereas in the Accounting OU she had rights to the Funds database, upon moving her object to the Human Resources OU she will immediately acquire rights to the Employees database. Figure 6 shows how this is accomplished.

With eDirectory 8.5 you can easily and quickly accommodate changes to the organization and to personnel assignments without having to delete and recreate objects from scratch. This leaves you with time to attend to network improvement--time that is usually taken up by repetitive housekeeping tasks.

Figure 6: The system administrator can grant Eva all the default rights of her new OU in one drag-and- drop operation.

Dynamic Inheritance. With eDirectory 8.5, organizations can choose to centralize management and administration services across departmental boundaries or to delegate administration to the department or workgroup level. For example, one department may have more strict security requirements than the rest, so rights can be given to one user who would have exclusive administrative control over that department's directory branch. Once those rights were granted at the highest level of the department's directory, the rights would automatically "flow down" to the subordinate objects. This feature eliminates the need to add redundant information to the access control list (ACL) of each object in that container, which saves valuable disk space and bandwidth.

Figure 7 shows how Ilsa is given administrative control over the entire New York OU: once her user icon has been dragged and dropped to the New York OU level, her rights extend downward to include the Albany and NYC OUs and all the servers and users in them.

Figure 7: Administrative rights granted at the OU level automatically "flow down" to all subordinate objects.

Flexible Scope of Administration. The scope of administration in eDirectory 8.5 can be as broad as an entire enterprise or as specific as an object's individual attributes. You can grant administrative rights down to the user level, such as the ability for a user to manage objects--users, printers, and servers--or attributes--e-mail addresses and phone numbers.

Partitioning with Fine Degree of Granularity. Creating partitions not only provides increased fault tolerance, it also reduces traffic across unreliable or expensive WAN links, eases workload on servers, and maximizes server disk space. With eDirectory 8.5 you can partition down to a single OU, which can be any size you choose. This feature gives you the flexibility to partition according to what will best optimize network resources. And no matter how many partitions you create, the directory tree will appear as a unified whole so that you can manage it from a single point.

Flexible Directory Indexing. An indexing system in a directory is necessary to provide optimal search performance of the directory. With eDirectory 8.5 you can build an index from any object or attribute in the directory.

Directory-Management Tools. With NDS management tools you have the flexibility to design and manage a directory infrastructure that suits your organization's needs. eDirectory 8.5 includes the following tools:

NDS Server places replicas of eDirectory 8.5 locally on primary domain controllers and backup domain controllers (PDCs and BDCs)
ConsoleOne and NDS iMonitor allow you to manage all your network users and resources
NDS Manager manages partitions, replicas, servers, and the eDirectory 8.5 schema
Novell Client provides users with access to all eDirectory 8.5 features
LDAP provides an open structure for integration with applications written to the Internet standard
Novell Import Convert Export utility imports and exports large amounts of LDIF and LDAP data
A bulkload utility adds millions of objects to the directory in one move using the LDIF data format
A repair utility repairs and corrects problems with the eDirectory 8.5 database, such as records, schema, bindery objects, and external references
A backup utility backs up and restores eDirectory 8.5 objects and schema

ConsoleOne. ConsoleOne is a Java utility that provides a cross-platform solution for easy extensibility to the Web. With management capabilities for billions of objects ConsoleOne easily "snaps in" to the Web. ConsoleOne is a client-side tool that has base parity with NWAdmin, improved performance, and added value.

ConsoleOne is designed to be a central console with capabilities and features that are snapped in as needed to manage and administer the diverse hardware, software, and data that compose modern computer networks. The particular set of features you see in ConsoleOne depends on the composition of your network. For example, if eDirectory 8.5 is installed on your network, you see features for browsing eDirectory 8.5 trees and administering eDirectory 8.5 objects. If NetWare is installed, you see features for accessing NetWare server consoles and managing server resources.

With ConsoleOne you can perform the following tasks:

Browse large eDirectory 8.5 containers that contain thousands of objects; ConsoleOne retrieves and displays the contents one page at a time.
Search or filter the contents based on object name and type
Configure LDAPv3 services on individual NetWare servers and control how LDAP-based access to eDirectory 8.5 works for different groups of users
Create, move, rename, delete, and modify any type of eDirectory 8.5 object defined in the schema of your eDirectory 8.5 tree; custom property pages are available on most object types, and a generic Other page lists any leftover properties. You can modify multiple objects of the same type simultaneously.
Extend the eDirectory 8.5 schema to allow the addition of new types of objects and properties to your eDirectory 8.5 tree, including the ability to create auxiliary classes
Create templates for setting up new user accounts. A template supplies initial values for most properties of the user object.
Control whether eDirectory 8.5 rights assignments are inheritable to lower levels in the tree, even for specific properties such as login passwords
Manage the file system on individual NetWare volumes; You can create, move, copy, and delete individual files and folders. You can modify file and folder attributes, including rights assignments and owners, or view and change volume statistics and control disk space allocations by user or by folder.

NDS iMonitor. New in eDirectory 8.5, NDS iMonitor is a Web-based management tool that you can use to assess the health of your NDS tree from any location, equipped with only a Web browser and Internet access. Using NDS iMonitor, you can quickly identify potential problems and troubleshoot them before they become noticeable to your users. NDS iMonitor runs on the same platforms as eDirectory 8.5 and supports the following versions of NDS:

All NDS eDirectory versions on any platform (including Linux)
All NDS versions running on NetWare 4.11 or above
All versions of NDS for NT
All versions of NDS for Solaris

Providing you with vital information, NDS iMonitor only has to be installed on a single server. From there, it can assess the health of the other network servers and return the results to your Web browser. Flexible and versatile, NDS iMonitor frees you from trips to the server room; it gives you the convenient web-based access you need to keep your network running smoothly, regardless of your location.

Novell Import Convert Export. Also new in NDS eDirectory 8.5, Novell Import Convert Export (ICE) is a powerful directory-management tool you can use to quickly import large amounts of LDIF-formatted data into NDS and other LDAP directories. Likewise, you can also use ICE to export data from LDAP directories--including NDS--into LDIF format.

What really distinguishes ICE from other vendors' management utilities is its ability to use XML rules to process data. Using these rules, you can migrate data directly between two LDAP servers--no intermediate LDIF conversion is necessary.

Easily Customize Your Directory to Reflect Your Organization

When departments split or consolidate, you can reflect these changes in eDirectory's tree structure. A single drag-and-drop operation painlessly rearranges the structure of the tree and enables new administrative rights to be assigned if needed. eDirectory 8.5 does not place many limitations on the degree of granularity you can use in merging or dividing, nor does it require that the entire network be reconstructed or rebooted every time you need to make major changes.

Strategically Placed Resources. The hierarchical structure of eDirectory 8.5 enables network supervisors to arrange network resources in the directory tree according to the way they are used. With resources placed near the users who access them, network traffic across WAN links decreases.

Reduce Network Downtime

With eDirectory 8.5 you can secure your directory against data loss and downtime by replicating partitions to strategic locations on the network. This protects your directory from problems caused by a single point of failure, such as a master server going down or the temporary loss of a communication link. If a primary partition is lost, the directory automatically reconfigures itself to use another copy, or replica, of the partition. In addition, you can restore a partition that has been lost from one server by using a replica on a different server.

When changes are made to any partition, eDirectory 8.5 automatically updates every replica of the partition, using time synchronization, thereby ensuring the reliability of the information within each partition. Furthermore, to ensure optimum performance, only the changes are sent across the network.

Dynamic Changes While Server Is Running. eDirectory 8.5 provides dynamic partitioning and replication "on-the-fly," which means that the directory can be partitioned and replicated without rebooting servers or interrupting directory or user access. This allows network supervisors to change the structure of the directory whenever needed, thus maintaining a fluid network composition that can readily and easily change with the company.

Use Easy and Fast Application Development Tools

To encourage and enable developers to write applications to open directory standards, Novell provides the Novell LDAP Libraries for C. Available for NetWare, Windows, Solaris, and Linux platforms, the Novell LDAP Libraries for C enable you to develop applications that are compatible with eDirectory 8.5 or any other LDAP directory. In addition, you can eliminate or greatly simplify the task of creating a directory for your network-enabled applications. The Novell LDAP Libraries for C can be downloaded free of charge from http://developer.novell.com/wiki/index.php/LDAP%20Libraries%20for%20C.

Third parties have developed more than 400 applications that leverage eDirectory. In fact, the number of developers in Novell's DeveloperNet program exceeds 50,000; more than 70 percent of them are developing applications that use eDirectory. There are more development tools for eDirectory than for all other directory services combined. Some of the most popular development interfaces used to develop these applications include:

ActiveX controls
ADSI
C/C++
Java
JavaBeans
JavaScript
JNDI
LDAP
NDS SDK
NetBasic
OCX
ODBC
Novell LDAP Libraries for C
Oracle NCA
Perl
REXX
Visual Cafe
VisualBasic

By using eDirectory 8.5, developers can be confident that they are adding tried-and-true directory functionality to their applications. They can use their choice of familiar developer tools without having to design and build access and management services of their own. Not only that, they can design, build, market, and support their applications while Novell supports (and markets) the directory services end.

For a listing of Novell partners, applications they have developed that leverage eDirectory, eDirectory development tools and application programming interfaces (APIs), and developer-related documentation, visit http://developer.novell.com/.

Hardware Requirements

To run NDS eDirectory 8.5, you need the following hardware:

Intel Pentium PC or UNIX workstation
32 MB of RAM (64 MB recommended)

The system requirements for NDS eDirectory 8.5 will depend on the design and size of your directory tree. For example, if you were to create one million objects in a directory, you would need 1GB of hard-drive space.

Summary of New Features

In summary, here is a list of the new features and functionality in NDS eDirectory 8.5 that help make it the ideal platform for eBusiness applications:

Tree federation is a powerful new feature that makes it easier for a company to establish business-to-business commerce by allowing companies to share directory attributes and information with partners, suppliers and customers without having to duplicate databases.
Filtered replication delivers a more flexible way for network administrators to tailor and customize data and processes. By filtering searches and retrieval, it reduces the amount of data that needs to be searched, thereby providing faster results.
iMonitor is a browser-based monitoring tool that makes it easy for administrators to monitor and trace directory operations throughout the enterprise. Network administrators now have a way to keep an eye on eDirectory activity from anywhere, at anytime.
Novell Import Convert Export utility can be used to quickly import large amounts of LDIF and LDAP data into NDS and other LDAP directories. It can also exports data from LDAP directories (including NDS) into LDIF format. It offers the ability to use XML rules to process the data, eliminating the need for intermediate LDIF conversion when migrating data between two LDAP servers.
An improved native implementation of LDAP v3 running over SSL provides fast searches, auxiliary classes, referrals, and controls. LDAP support makes it easier for administrators and software developers to integrate their applications easily into eDirectory, offering a more simplified way to communicate and interact with the directory.
Enhanced security includes support for PKI, NMAS and SSL.
Extended platform support includes NetWare, Windows NT, Windows 2000, Solaris, Linux, and soon Tru64 UNIX from Compaq.

In addition, NDS eDirectory 8.5 has substantially improved performance and an improved data store that automatically determines optimal configuration settings for caching and indexing.

NDS eDirectory 8.5 is the underlying technology for two other Novell solutions: DirXML and Novell Account Management 2.1 (formerly as NDS Corporate Edition).

DirXML is powerful new integration software that combines directory technology with Extensible Markup Language (XML), the common language of eBusiness. It allows core company information to be automatically synchronized and shared between and within enterprises.
Novell Account Management provides the ability to centrally manage and integrate user account information across mixed platform environments, enabling employees, business partners, and customers to work together in a truly integrated manner.

Conclusion

NDS eDirectory is the only directory on the market that works on all leading operating systems, which significantly simplifies the complexities of managing users and resources in mixed Windows 2000, NT, NetWare, Linux, and UNIX environments. It is the industry's only secure, scalable, cross- platform directory service, allowing organizations to centrally store and manage information across all networks and operating systems, preserving existing IT investments, and offering a high return on investment for new deployments.

The pricing for eDirectory 8.5 is unchanged at $2 USD per user. Novell offers flexible subscription plans for ISPs and ASPs and other customers with very large directories. You can order NDS eDirectory 8.5 from any Novell Authorized, Gold, or Platinum Partner. For more information, contact your local Novell office or call the Novell Customer Response Center at 1-801-861-4272. In the United States and Canada, call toll free 1-888-321-4272.

* Originally published in Novell AppNotes

Disclaimer

The origin of this information may be internal or external to Novell. While Novell makes all reasonable efforts to verify this information, Novell does not make explicit or implied claims to its validity.