On 12/6/19 2:49 am, Emmanuel Lécharny wrote:
On 11/06/2019 17:43, Radovan Semancik wrote:
I would be interested about having an exhaustive description of the
differences.
E.g. AD objectclass definition for 'person' looks like this:
Completely different form. Part of the data is equivalent. But there
are extensions (e.g. showInAdvancedViewOnly). Syntaxes are all
different. Auxiliary object classes are handled in a different way
(they can be "included" in structural object class definition). Lots
of subtle differences there.
OMFG...
But the most annoying is objectCategory. AD obviously cannot properly
index objectClass. Therefore they have invented single-valued
objectCategory. That is the primary reason that I have bothered with
this.
I have no words.
Can't wait for M$ to stop using Windows and switch to Linux. Even if I'm
pretty sure they are going to Fxxx it up quite a bit.
The main issue is the fact the API is asynchronous. It makes
*everything* insanely complex. Anyone claiming concurrent code is simple
is either a genious or an imbecile.
I couldn't resist adding a couple personal comments, but I hope they
either amuse or interest the readers of this list.
1. As soon as wifi 802.11 WPA arrived on some windows drivers, I was
paid to write an authentication mechanism between it and a Radius server
with a Netscape LDAP server back-end. It was a nightmare, of course, but
I can smugly say it was successful and I got paid. Part of the project
involved locating the "core" encryption logic and algorithm seed table
- M$ created both, as well as requiring Radius which used SSL-over-UDP
(implemented in java by me). To quote Emmanuel, M$ "Fxxxed it up quite a
bit"!
2. I've been writing multi-threaded code in more languages than I can
easily remember for most of my professional career. I wish I had
Emmanuel's neat quote "Anyone claiming concurrent code is simple
is either a genius or an imbecile" to hand when proposing solutions to
my clients!
3. I still have a personal task to convert some of my own infrastructure
systems from Netscape LDAP API to Apacheds LDAP API, so perhaps I'll get
round to it in 2019? In the meantime, my old LDAP client code plays so
nicely with apacheds (of course, along with quite a lot of custom
schemas) that the job never gets to the top of my list.
4. I Had another $job to interface Netscape LDAP server (by then Oracle,
or was it Fedora - my memory is hazy) to the first implementation of M$
ADS. Yet another nightmare, including a lot of network traces and very
little documentation. I would not want to return to that project now the
baby has grown into a monster!
No wonder I only see grey hairs on my head when I look in the mirror!
One of my clients was an full-blooded native American Indian, who loved
to say "you can always spot the pioneers - they are the ones with arrows
in their BACKS"!
If anyone was listening... thanks for letting me get slightly off-topic!
Good luck to you all - experience tells me you will need it,
Brian
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
