A virtual directory is a network service which provides access to two or more data sources in a manner that makes them appear to be a single directory.

The data sources may themselves be actual directory servers -- for example, one or more Active Directory domains or some other LDAP directories. They could just as easily be SQL-type databases or other data sources (e.g., web services, CSV files, etc.).

Virtual directories normally expose the data in a single view, accessed over LDAP. They must provide read access and may also provide write-back capabilities to their data sources.

The data aggregation performed by a virtual directory may be object-level -- i.e., different directory objects represented in the consolidated view are actually stored (physically) in different data sources. The aggregation may also be attribute-level -- i.e., different attributes of the same object may be pulled from different data sources.
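
Both kinds of aggregation, as an added sketch that is not taken from the original page or from any product. The source names, sample entries and base DN are constructed, and the rule that the object's home source wins when an attribute appears in two sources is an assumption; each value is kept with the name of the source it came from.

```python
# Constructed sample data standing in for three back-end sources (hypothetical names).
AD_DOMAIN = {  # an Active Directory domain
    "alice": {"cn": "Alice Ng", "mail": "alice@corp.example"},
    "bob": {"cn": "Bob Ruiz", "mail": "bob@corp.example"},
}
PARTNER_LDAP = {"carol": {"cn": "Carol Day", "mail": "carol@partner.example"}}
HR_SQL_ROWS = [  # rows from a SQL table, keyed by login
    {"login": "alice", "department": "Finance", "mail": "a.ng@hr.example"},
    {"login": "carol", "department": "Audit"},
]
BASE_DN = "ou=people,dc=virtual,dc=example"  # assumed namespace of the single view


def build_view(object_sources, attribute_sources):
    """Return {dn: {attr: (value, source_name)}} for the consolidated view."""
    view = {}
    # Object-level aggregation: each object is stored in exactly one source.
    for name, entries in object_sources:
        for uid, attrs in entries.items():
            dn = f"uid={uid},{BASE_DN}"
            if dn in view:
                raise ValueError(f"object {uid!r} from {name!r} already in view")
            view[dn] = {"uid": (uid, name)}
            view[dn].update({k: (v, name) for k, v in attrs.items()})
    # Attribute-level aggregation: attributes of an existing object pulled
    # from another source and joined on a key column.
    for name, rows, key in attribute_sources:
        for row in rows:
            dn = f"uid={row[key]},{BASE_DN}"
            if dn not in view:
                continue  # no object in the view to attach these attributes to
            for attr, value in row.items():
                if attr != key:
                    # Assumed conflict rule: keep the value already present.
                    view[dn].setdefault(attr, (value, name))
    return view


def search(view, attr, value):
    """Equality match, like the LDAP filter (attr=value), over the merged view."""
    return sorted(dn for dn, a in view.items() if a.get(attr, (None,))[0] == value)


VIEW = build_view(
    [("ad", AD_DOMAIN), ("partner", PARTNER_LDAP)],
    [("hr", HR_SQL_ROWS, "login")],
)
```
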
