Sun Directory Server Enterprise Edition 7.0 Evaluation Guide

Chapter 7 Virtual Directory

The virtual directory functionality provided by Directory Proxy Server enables you to aggregate different data into an LDAP view displayed to LDAP client applications. Data can be filtered or even changed, based on what the client application requires. Different applications can therefore have different virtual views of the same data. By providing a logical layer that presents the data in custom views, you can avoid changes to your underlying infrastructure and existing applications and can deploy more quickly.

This chapter provides an overview of the virtual directory features and covers the following topics:

Defining a Virtual Namespace Made Up of Multiple Sources

The virtual directory consolidates data from multiple directories, databases, and other data sources into a logical view that you can customize for each application's specifications. These virtual namespaces are created when source data is transformed into the proper format, joined from several sources, and restructured according to the needs of your client applications. Different applications can therefore have different virtual views of exactly the same data. Because the virtual namespace is created without changes to the underlying data, implementation is simplified.

For example, an enterprise has deployed a directory server with information about its employees. A separate directory server contains additional employee information to support Access Manager. The enterprise sets up Directory Proxy Server to provide the Access Manager environment a single view of the user data in both directories. The enterprise also uses Directory Proxy Server to distribute updates made to the user entries to the appropriate repository. For example, when a bind is made, updates made by Access Manager to user entries are limited to the Access Manager directory.

For information about creating multiple virtual data views, see Construction of Virtual Data Views in Sun Directory Server Enterprise Edition 7.0 Reference.

The following sections describe the various data views supported by the virtual directory.

Access to JDBC Compliant Data Repositories

The virtual directory provides a JDBC data view that enables you to make relational databases accessible to LDAP client applications. For example, JDBC data views enable you to map LDAP attributes to columns in an RDBMS table. For information about accessing data repositories that are compliant with the JDBC technology, see JDBC Data Views in Sun Directory Server Enterprise Edition 7.0 Reference.

Access to Flat LDIF File Resources

The virtual directory provides an LDIF data view that enables LDAP client access to flat LDIF files. For information about accessing LDIF files, see LDIF Data Views in Sun Directory Server Enterprise Edition 7.0 Reference.

Access to LDAP Resources

Directory Proxy Server can access any LDAP v3 compliant LDAP directory server.

Aggregating Data Views to Create Virtual Entries

The virtual directory can create purely virtual entries that are built from multiple entries in multiple data views. You define virtual domains that aggregate data from multiple data sources. These sources can be LDAP directories, JDBC compliant data repositories, or flat LDIF files. Directory Proxy Server supports JDBC for Java DB® 10.2, Oracle® 9i and 10g, DB2® v9.1, and MySQL® 5.0. Data aggregation includes joining data sources with dissimilar attribute names and different DNs.

For example, a directory contains an entry for Adam Brown, cn=Adam Brown. A human resources application requests the salary information for this user, but this information is stored in a separate Oracle database. Directory Proxy Server accesses the Oracle database for the salary information and uses entry aggregation to add this information dynamically to the entry when it is retrieved by the human resources application. However, for other applications, such as a company address book, this information is not displayed as part of the user entry.

Directory Proxy Server also allows you to use the same data view in multiple joins. For example, you can create a new join that combines a new data view with an existing data view. Directory Proxy Server allows you to configure this multiple data join without any restrictions.

For more information about aggregating data from different data sources, see Join Data Views in Sun Directory Server Enterprise Edition 7.0 Reference.

Mapping Attribute Names and Values

The virtual data transformation feature enables you to map attribute names and values to suit LDAP client applications and multiple disparate data sources. For example, an attribute used by a client application can be mapped to any attribute name in an LDAP directory, LDIF file, or RDBMS database. This feature includes the dynamic creation, deletion, and renaming of virtual attributes, and of attribute values. Multivalued attributes are supported. A facility for defining default attribute values is also provided.

For more information about virtual data transformations, see Virtual Data Transformations in Sun Directory Server Enterprise Edition 7.0 Reference.
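The entry aggregation and attribute mapping described in the two sections above, modelled in Python as an added example. This is not Directory Proxy Server code or configuration: the full DN, the column names, the `salary` and `employeeGrade` attribute names, the view names, and all data are constructed for illustration.

```python
# Constructed sample data: one LDAP-side entry and one RDBMS-side row.
LDAP_ENTRIES = {
    "cn=Adam Brown,ou=People,dc=example,dc=com": {
        "cn": ["Adam Brown"],
        "uid": ["abrown"],
        "mail": ["abrown@example.com"],
        "telephoneNumber": ["+1 555 0100", "+1 555 0101"],  # multivalued
    },
}
HR_ROWS = [{"EMP_LOGIN": "abrown", "SALARY": "85000", "GRADE": None}]

# Attribute mapping: RDBMS column -> virtual LDAP attribute (hypothetical names).
COLUMN_MAP = {"SALARY": "salary", "GRADE": "employeeGrade"}
# Default value used when the source has no value for a mapped attribute.
DEFAULTS = {"employeeGrade": "unclassified"}

# One view per client application: whether the HR source is joined in,
# and which attributes that application is allowed to see.
VIEWS = {
    "hr-app": {"join_hr": True,
               "visible": {"cn", "mail", "salary", "employeeGrade"}},
    "address-book": {"join_hr": False,
                     "visible": {"cn", "mail", "telephoneNumber"}},
}


def hr_attributes(uid):
    """Look up the secondary source; the join rule here is uid == EMP_LOGIN."""
    for row in HR_ROWS:
        if row["EMP_LOGIN"] == uid:
            mapped = {}
            for column, attr in COLUMN_MAP.items():
                value = row.get(column)
                if value is None:
                    value = DEFAULTS.get(attr)
                if value is not None:
                    mapped[attr] = [value]
            return mapped
    return {}


def virtual_entry(dn, app):
    """Build the entry as one application sees it; source data is not modified."""
    view = VIEWS[app]  # an unknown application raises KeyError (fails closed)
    entry = {attr: list(vals) for attr, vals in LDAP_ENTRIES[dn].items()}
    if view["join_hr"]:
        entry.update(hr_attributes(entry["uid"][0]))
    # Allow-list filter: anything not named in the view is withheld.
    return {attr: vals for attr, vals in entry.items() if attr in view["visible"]}
```

The allow-list in each view is what keeps the salary out of the address book's result even if the join were later enabled for that view.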

Where to Go From Here

To read more about the features presented in this chapter, refer to the following documentation.

| Feature | Documentation |
| --- | --- |
| Sample virtual directory deployment | Chapter 14, Deploying a Virtual Directory, in Sun Directory Server Enterprise Edition 7.0 Deployment Planning Guide |
| Creating virtual data views | Chapter 22, Directory Proxy Server Virtualization, in Sun Directory Server Enterprise Edition 7.0 Administration Guide |
| Overview of JDBC virtual views | JDBC Data Views in Sun Directory Server Enterprise Edition 7.0 Reference |
| Overview of LDIF virtual views | LDIF Data Views in Sun Directory Server Enterprise Edition 7.0 Reference |
| Overview of join data views | Join Data Views in Sun Directory Server Enterprise Edition 7.0 Reference |
| Overview of transforming virtual data | Virtual Data Transformations in Sun Directory Server Enterprise Edition 7.0 Reference |