Further Reading

Understanding and Deploying LDAP Directory Services > 6. Data Design > Sources for Data

Sources for Data

Now you should have a list of all the data elements you want to include in your directory service. It is time now to take a slightly broader view and determine where you will obtain the values for the data elements and how you will manage the relationships with other data sources.

By now you probably have a pretty good idea what data elements exist in electronic form in the other data sources within your organization. Some data elements are probably unique to a new application you plan to deploy; thus, the data values themselves may not exist anywhere yet. Figure 6.6 depicts some common data sources.

Figure 6.6 Some common data sources.

The following are common data sources:

• Other directory services

• Network operating systems running within local area networks

• Databases that your organization already has online

• Simple files or spreadsheets that hold data in electronic form

• Applications

• Administrators

• End users

You may need to obtain data from any or all of these sources. For each data element you plan to include in your directory, you should decide the following:

• What data source will be consulted to obtain the initial data values?

• Who will be allowed to access the data element?

• Who will be allowed to modify the data element?

• Will the data element be updated from other data sources on an ongoing basis?

• Will changes made in the directory be propagated back to any other data sources?

The information you have already gathered about each data element should help with these questions. You may not have all the answers when you initially deploy your directory service, but it is important to give some thought to these issues in advance. You do not want your directory service to hold out-of-date information, nor do you want your directory service to be accused of trying to supplant the human resources department's database (unless that is your goal). Some of the common data sources and surrounding issues are discussed in more detail in the following sections.

Other Directory Services and Network Operating Systems

Your organization may already have a large, central directory service. If not, you probably have departmental LANs that include some kind of network operating system such as Novell NetWare (with data held in the NetWare Bindery or Novell Directory Service servers), Microsoft Windows NT Server (with data held on NT domain controllers), or Sun's Network Information Service (with data held in NIS servers). You probably also have data in domain name system (DNS) servers.

Find out what data is contained in these systems and how it is being used. You should think about whether the LDAP directory service you deploy can take the place of some of these existing directories. You should also consider replicating data between the various systems; this should prevent the problem of having different values for a data element that is duplicated in several systems.

Databases

There are probably several database systems (relational, hierarchical, or other) that hold interesting data in your organization. Examples include human resources or personnel databases, student databases, and databases used to manage network resources. If you have an in-house Private Branch eXchange (PBX) telephone system, its database probably has the most up-to-date telephone number information.

In general, you will view these existing databases as gold mines when populating your directory service with an initial set of data. Do not be surprised if these systems are hard to work with though. Typically, they are expensive to run, difficult to make changes to, and hard to tie into other systems. Some databases may impose unreasonable restrictions on certain data fields, making the databases fairly useless as data sources. For example, a PBX database may be able to store only six characters for a login ID, whereas most other systems allow eight to be used. These kinds of restrictions also make it difficult to propagate information from your LDAP directory back into the database if you ever want to do so.

You will need the cooperation of whoever runs these databases to get the data you are interested in. Thus, you may need to spend time lobbying to convince them that your new directory service is valuable to them and the organization as a whole.

Files

In smaller organizations or within departments, it is common for a secretary to maintain a complete phone list in a simple file or spreadsheet. If the information is maintained at the department level, it can be a good source for the most up-to-date contact information on people. Of course, the data may not be in a form that is easily pulled into a structured data system such as an LDAP-based directory service. However, you should investigate these file-based data sources anyway in case they prove useful.

Applications

Many network or collaborative applications have a built-in database or directory that stores information about users of the application and other objects the application needs to know about. These application-specific directories tend to be proprietary, closed systems that may not even provide APIs for accessing the data. Examples include electronic mail systems that are not LDAP-aware, Web servers, and electronic calendar systems.

One of the most important reasons to invest in a directory service based on LDAP is to replace many of these application-specific directories, or at least to coexist with them. You need to develop a coexistence strategy or actively manage a transition to the replacement service (this may be a lengthy strategy). The existing directories are the best source for the application-specific data elements you plan to store in your directory service, so try to work with them and not around them.

Administrators

A lot of interesting data is managed by the administrators who are charged with caring for the computer systems, networks, and telephone systems within an organization. If the data these administrators manage is not available in electronic form or another manageable format, you will still want to directly enlist the aid of these administrators in setting up and maintaining the data held in your directory service.

End Users

Last, but certainly not least, end users are often the best source of data about themselves. This is especially true with personal contact information (such as home telephone numbers and addresses) and preferences.

Because you probably do not have time to ask each person for information, you should provide an easy-to-use interface to your directory service so that individuals can update their own information. Some data elements come from other databases or are maintained by administrators or applications, so be prepared to explain to end users why they can't change those data elements themselves. It is a good idea to publish information about the origin and owner of each data element held in your directory service. This is usually covered in your data policy statement (as discussed earlier in this chapter).

Index terms contained in this section

2002, O'Reilly & Associates, Inc.