Salut ossi, just FYI: Penrose (http://docs.safehaus.org/display/PENROSE/Home) might be interesting for your plans... just in case you didn't stumble upon it.
Cheers, Aleks ossi petz wrote: > Hallo everyone! > > i was happy getting ldap, hearing about kerberos is even better :) > > i did not want to draw the active directory replacement picture. > actually using exchange, windows clients, sharepoint... there is a need > for an active directory when using windows. just for easy living. > > what we encountered: we need the same ldap structure at different > locations that do not only contain the users with windows logins. we > have a custom made CRM and sometimes someone turns from 'interested' > into 'customer'. so he will need a useraccount in different tools. > currently this is all done manually. > > my vision was: sync apacheDS with actice directory. from there use the > wiki, the dms, the crm and so on with apacheDS. and then mirror it to > the other company sites or the cms / forum. > > the only thing all tools have in common is ldap authentication. and > accessing apacheDS for java people looks much more promising than using > active directory as the master (which cannot be easily deployed with > java apps too) > > and well it all looks blody complicated. makes it interesting somehow. > > well. thanks for paying attention :) > > regards > > ossi > > > > Emmanuel Lecharny schrieb: >> Hi Denis ! >> >> >>> My fault, I have only been looking at the ldap part of apache >>> directory... >> No problem at all ! At least, it demonstrates that we need to improve >> a lot the documentation :) >> >>> I defininitly shall try the kerberos/dns/dhcp part of ApacheDS. >>> Currently I'm using heimdal, bind and isc dhcp server on ldap backend >>> (openldap), and looking for better solution, that's why I'm following >>> this list. I didn't realized I could already get all of it bundled in >>> ApacheDS! I'll try to accomodate for a few hours to roll out a test >>> bench. >> Don't blame me if you have problems while doing such an experiment ;) >> This is a very early bird, and it needs a lot of work to be able to >> use it smoothly... Any feedback will help, of course ! >>> >>>> And when it comes to LDAP server compliance, please just read this : >>>> http://www.symas.com/documents/Adam-Eval1-0.pdf >>>> >>>> So we think that ADS could stands for an active directory >>>> replacement. Even if you just need the ldap part. >>> >>> Sorry I think I misrepresented my point. I don't claim that ActiveDS >>> is a good, bad or better LDAP server. I just wanted to point out that >>> ActiveDS is not just an ldap server. >> I dodn't want to say that AD is a bad piece of techno either. I just >> wanted to point to this very interesting paper written by our friends >> at OpenLdap (which is a really good LDAP server btw!) >> >> Anyway, replacing AD by another LDAP server is not that easy, if you >> consider that AD is a major element of the Window$(tm) system. >>> The fact that it is much more than an ldap server makes it one of the >>> most difficult part of proprietary stuff to get out of a IT >>> infrastructure... What a pain ! >> indeed :) >> >> >> Thanks Denis !
