> > I have yet to see a good, working open source IAM solution. Unfortunately.
>
> I don't think there's enough critical mass in the plumbing yet. Given all the
> projects reinventing the wheel (OpenDS etc...) instead of enhancing what
> already exists, the already-rare open source expertise in this technology is
> just spread too thin.

This happens a lot; one almost expects OpenLDAP to drop BDB and decide to build their own storage backend... :) <clarification>That is meant as humor!</clarification>

Anyway, saying things like "next generation directory service" irritates me. So OpenLDAP, FDS, etc... are "last generation" or "previous generation" or ...? What makes something like OpenDS "next generation"? I'd wager anything that as far as scalability is concerned OpenLDAP will leave it choking on dust.

> > We work with commercial IAM solutions (e.g., Sun, CA) all the time with
> > our clients, but for small installations it would be VERY nice to have a
> > viable open source alternative.
>
> That almost doesn't make sense to me. IAM has tended to mean big cumbersome
> shelfware sold to large enterprises. In small installations the problem
> really isn't big enough, and sysadmins aren't desperate enough yet. It might
> be nice, but usually in a small installation you can just attack the problem
> directly by consolidating accounts, so you don't need a management system to
> track multiple accounts per user.

I work for what I guess would be a medium sized organization (~500 employees). We have lots of issues because we are too big and complex for the SOHO kinds of solutions but not big enough for the "enterprise" solutions (seems to mean >10,000 users; which is a *big* gap between small and enterprise). Using Open Source, which we do for most of our solutions, does chafe sometimes. On the other hand the admins I know at "enterprise" institutions constantly joke about having various "high end" packages "on the shelf". I've also been to various vendor presentations and dog-n-pony shows for some of the high-end solutions and I always walk away thinking: "Ok, you're big. But does it *have* to be *that* complicated? Isn't a lot of this software just trying to engineer around bad [or sloppy] policies and practices?"

Personally I'm looking forward to, or hoping might be more accurate, that Samba4 arrives someday and front-ends OpenLDAP with its Active Directory compatibility. That will provide a lot of tools and management functionality Open Source just doesn't currently have. Of course that isn't strictly "identity management" but it will certainly help.
