Re: [Feedback needed] ADS pros and cons ?

Wed, 23 Jan 2008 05:28:20 -0800 

Hi Emmanuel,



1) we currently use ADS for experiments, we plan to replace MS Active 
Directory Server with a more open LDAP Server



actually Active Directory is more than just a ldap server. It bundles 
a customified ldap server, a kerberos server, a dns server, and some 
ms rpc stuff. So apache directory server could not, by itself stands 
for an active directory replacement (unless the only thing you need is 
the ldap part).

Actually Apache Directory Server is more than just a ldap server too. It 
bundles a *standard and compliant* ldap server 
(http://directory.apache.org/community%26resources/open-group-certification.html), 
a kerberos server, a dns server, a NTP server, a DHCP server, a SSO 
solution (TripleSec) and a tool (Apache DirectoryStudio) which can't be 
compared to LDP, because it would like comparing M$ Word (tm) to M$ 
Notepad(tm).



My fault, I have only been looking at the ldap part of apache 
directory... I defininitly shall try the kerberos/dns/dhcp part of 
ApacheDS. Currently I'm using heimdal, bind and isc dhcp server on ldap 
backend (openldap), and looking for better solution, that's why I'm 
following this list. I didn't realized I could already get all of it 
bundled in ApacheDS! I'll try to accomodate for a few hours to roll out 
a test bench.



And when it comes to LDAP server compliance, please just read this : 
http://www.symas.com/documents/Adam-Eval1-0.pdf



So we think that ADS could stands for an active directory replacement. 
Even if you just need the ldap part.



Sorry I think I misrepresented my point. I don't claim that ActiveDS is 
a good, bad or better LDAP server. I just wanted to point out that 
ActiveDS is not just an ldap server. The fact that it is much more than 
an ldap server makes it one of the most difficult part of proprietary 
stuff to get out of a IT infrastructure... What a pain !



*But*, because nothing is perfect, it has to be documented, tested, 
fixed, etc. We need volunteers for that.



Open source projects are getting close to a replacement of ActiveDS, 
and bundling ApacheDS + Samba4alpha3 + Bind/sdb_ldap should almost do 
the trick, however it is not yet very polished and might need some 
twicking.

I agree fully with the polishing and twicking needs !


If everything was too easy, there would'nt be any more fun geeking around!

Cheers,

Denis

--
Denis Cardon
Tranquil IT Systems
44 bvd des pas enchantés
44230 Saint Sébastien sur Loire
tel : +33 (0) 2.40.97.62.67
http://www.tranquil-it-systems.fr
























					Reply via email to