Hello everyone!

i was happy getting ldap, hearing about kerberos is even better :)

i did not want to draw the active directory replacement picture. actually using exchange, windows clients, sharepoint... there is a need for an active directory when using windows. just for easy living.

what we encountered: we need the same ldap structure at different locations that do not only contain the users with windows logins. we have a custom made CRM and sometimes someone turns from 'interested' into 'customer'. so he will need a user account in different tools. currently this is all done manually.

my vision was: sync apacheDS with active directory. from there use the wiki, the dms, the crm and so on with apacheDS. and then mirror it to the other company sites or the cms / forum.

the only thing all tools have in common is ldap authentication. and accessing apacheDS for java people looks much more promising than using active directory as the master (which cannot be easily deployed with java apps too)

and well it all looks bloody complicated. makes it interesting somehow.

well. thanks for paying attention :)

regards

ossi



Emmanuel Lecharny wrote:
Hi Denis !


My fault, I have only been looking at the ldap part of apache directory...
No problem at all ! At least, it demonstrates that we need to improve a lot the documentation :)

I definitely shall try the kerberos/dns/dhcp part of ApacheDS. Currently I'm using heimdal, bind and isc dhcp server on ldap backend (openldap), and looking for better solution, that's why I'm following this list. I didn't realize I could already get all of it bundled in ApacheDS! I'll try to accommodate for a few hours to roll out a test bench.
Don't blame me if you have problems while doing such an experiment ;) This is a very early bird, and it needs a lot of work to be able to use it smoothly... Any feedback will help, of course !

And when it comes to LDAP server compliance, please just read this : http://www.symas.com/documents/Adam-Eval1-0.pdf

So we think that ADS could stand for an active directory replacement. Even if you just need the ldap part.

Sorry I think I misrepresented my point. I don't claim that ActiveDS is a good, bad or better LDAP server. I just wanted to point out that ActiveDS is not just an ldap server.
I didn't want to say that AD is a bad piece of techno either. I just wanted to point to this very interesting paper written by our friends at OpenLdap (which is a really good LDAP server btw!)

Anyway, replacing AD by another LDAP server is not that easy, if you consider that AD is a major element of the Window$(tm) system.
The fact that it is much more than an ldap server makes it one of the most difficult parts of proprietary stuff to get out of an IT infrastructure... What a pain !
indeed :)


Thanks Denis !


