> You've already got AD, so you could use VAS (http://vintela.com) for
> your Unix and Linux systems, VSJ for the J2EE app servers. Best
> practice nowadays is to standardize on a primary identity store for as
> many platforms as possible. Unix, Linux, J2EE and Windows systems can
> all use AD with a few add-on products out there. The fewer
> directories the fewer identities the fewer issues the fewer audit
> failures = less admin costs more ROI. Anything that is legacy that
> you can't get working with Kerberos/AD you can take a metadirectory
> solution like MIIS and synchronize.

AD was ruled out for scalability, stability and interoperability. We feel we can get more out of a standard LDAPv3 compliant directory server on a Unix/Linux environment than we can with AD. We avoid using Windows with our critical enterprise applications for several reasons including the always exciting patching party we had this weekend rebooting boxes for 12 hours. I'll take Linux/Unix any day.

We currently have a fully populated Domino directory we intend to dump in LDIF format as a starting point for the directory server we choose. On the Windows side we have too many AD directories and NT domains to consolidate in a timely manner and would prefer to replicate out to them. We have also had problems with AD and Domino integration. If we select a directory server that can be used to replicate data out to both environments, we will be much better off IMO.

Also, IBM and Sun's products seemed to have a more robust and feature-full identity management software package. We are looking at more than just a directory. We are looking at external and internal users all being able to self service passwords and account creations to ease the load off of our help desk personnel and single sign-on will become a large issue as well. In our evaluation of Microsoft's AD, we didn't feel it was the best choice for our situation.

Erik R. Jensen

.===================================.
| This has been a P.L.U.G. mailing. |
|      Don't Fear the Penguin.      |
|  IRC: #utah at irc.freenode.net   |
`==================================='
