These classnotes are deprecated. As of 2005, I no longer teach the classes. Notes will remain online for legacy purposes.

LDAP01/Metadirectories


For our purposes, a Metadirectory is any directory service that presents an alternate view of a data source. There are a number of metadirectory vendors listed on page 209 of the book.

So why would you want a Metadirectory?

Well, as we have seen, we can integrate Windows and Unix authentication and directory services via a variety of methods (everything from Windows-centric to Unix-centric). However, even after we've integrated, there is still a likelihood of some data redundancy.

For example, if we integrated an Active Directory subtree into a main OpenLDAP root context (as we just saw), we will still wind up having users represented in two different areas (yes, they will all be in the directory, but they will be parts of two different trees). While this may not be such a concern if you authenticate your Windows clients totally via SAMBA, it certainly will be if you deviate from that scheme even slightly.

A metadirectory actually allows us to (at least superficially) move away from a Windows-centric, Unix-centric, anything-centric directory and move toward a "directory-centric" directory. That is, a directory where the backend only matters to the applications using it. If it is a Windows authentication client, it sees exactly what it needs. If it is a Unix SSH client, it sees exactly what it needs. If it is a Windows client authenticating across a Unix SAMBA server, the server sees exactly what it needs.

See last paragraph of page 209 for an example.

Okay, so "directory-centric" directory sounds hokey, and it is. Technically speaking, the directory backends and protocols are still very much tied to a given vendor. And technically the user-level applications will still be tied to whatever directory they were tied to beforehand. However, the key here is that changing information in one directory will "ripple" into the other and transform into exactly what is needed in that one.
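The "ripple and transform" idea can be sketched as a one-way attribute mapping that computes the changes needed on the other side. This is an added example, not code from the class or from any metadirectory product; the mapping rules, the `ripple` and `to_ad_view` helpers, the `example.com` realm and the sample entries are all assumptions made for illustration.

```python
# Added illustration: the attribute mapping and sample entries are constructed,
# not taken from the class notes or from any metadirectory product.

# Attributes this sync owns in the AD-style view; everything else is left alone,
# so a mapping mistake cannot clobber target-side data such as group membership.
MANAGED = ("sAMAccountName", "userPrincipalName", "displayName", "mail")

def to_ad_view(posix_entry, realm):
    """Transform a posixAccount-style entry into the AD-style attributes."""
    login = posix_entry["uid"][0]
    view = {
        "sAMAccountName": [login],
        "userPrincipalName": [f"{login}@{realm}"],
        "displayName": [posix_entry["cn"][0]],
    }
    if posix_entry.get("mail"):
        view["mail"] = list(posix_entry["mail"])
    return view

def ripple(posix_entry, ad_entry, realm="example.com"):
    """Return (op, attr, values) changes that bring ad_entry in line."""
    desired = to_ad_view(posix_entry, realm)
    ops = []
    for attr in MANAGED:
        have, want = ad_entry.get(attr), desired.get(attr)
        if want is None and have is not None:
            ops.append(("delete", attr, []))
        elif want is not None and have is None:
            ops.append(("add", attr, want))
        elif want is not None and sorted(have) != sorted(want):
            ops.append(("replace", attr, want))
    return ops

# Constructed sample entries for the same person in each tree.
UNIX_USER = {"uid": ["jdoe"], "cn": ["Jane Doe"], "uidNumber": ["1001"],
             "homeDirectory": ["/home/jdoe"], "mail": ["jdoe@example.com"]}
AD_USER = {"sAMAccountName": ["jdoe"], "userPrincipalName": ["jdoe@example.com"],
           "displayName": ["Jane Doe"], "mail": ["jdoe@example.com"],
           "memberOf": ["CN=Staff,DC=example,DC=com"]}

if __name__ == "__main__":
    print(ripple(UNIX_USER, AD_USER))          # entries already agree
    renamed = dict(UNIX_USER, cn=["Jane Smith"])
    del renamed["mail"]
    print(ripple(renamed, AD_USER))            # rename and mail removal ripple over
```

Restricting the sync to an explicit list of managed attributes is the design choice worth noting: `memberOf` and anything else the mapping does not own is never touched.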

This section is about the holy grail of LDAP implementation, and understanding it requires all the knowledge we've gained up to this point. Unfortunately, it's also not something we can do in class as an activity, because with our setup we do not have time to perform such an integration. Additionally, one implementation of a metadirectory will undoubtedly look different from another, so the metadirectory solution will likely be unique to a given problem.

So how do we implement such a beast?



Last edited October 2, 2003 9:35 pm
(C) Copyright 2003 Samuel Hart
This work is licensed under a Creative Commons License.