Hi Alex,
Forgive me for correcting you here but ApacheDS has a DNS and Kerberos
service embedded inside. ApacheDS is not only an LDAP server.
thanks for the input, Emmanuel already briefed me on that and I expect
to roll out a test bench once I manage to get a few hours off.
Also MS ActiveDirectory as a process just services LDAP requests (not fully
compliant but it works). Another separate process actually handles the
Kerberos requests as the AS and TGTS. Also the DNS service is a different
service as well. So no MS ActiveDirectory is not all these things in one.
Actually it is just a war of words. On its web site MS says (among other
things :-) "Active Directory provides: (...) Information security and
single sign-on for user access to network resources". So I guess
Kerberos is considered part of ActiveDS (I also doubled checked with
some MCSE people about this wording). Ref :
http://technet2.microsoft.com/WindowsServer/en/library/6f8a7c80-45fc-4916-80d9-16e6d46241f91033.mspx?mfr=true
Granted I've not checked at the process level though to see how they
named all that stuff :-)
I think you might have been referring to a Windows 200X Server being
replaced by the components you listed?
In my daily business I carry out migration to FOSS systems (both servers
and desktop/thin clients). Currently one of the unremoveble piece of
software in a Windows environnement is the Domain Controler (unless it
is NT4 based, which is still quite common in French SMBs).
Many people asume that, because FOSS world provide first grade ldap
servers, it may be possible to replace an ActiveDS. I just wanted to
underline that it is not that simple...
I may be wrong though hopefully someone can clarify.
I hope I did clarify my former statement :-)
Cheers,
Denis
Regards,
Alex
On Jan 23, 2008 4:42 AM, Denis Cardon <[EMAIL PROTECTED]>
wrote:
Hi Ossi,
1) we currently use ADS for experiments, we plan to replace MS Active
Directory Server with a more open LDAP Server
actually Active Directory is more than just a ldap server. It bundles a
customified ldap server, a kerberos server, a dns server, and some ms
rpc stuff. So apache directory server could not, by itself stands for an
active directory replacement (unless the only thing you need is the ldap
part).
Open source projects are getting close to a replacement of ActiveDS, and
bundling ApacheDS + Samba4alpha3 + Bind/sdb_ldap should almost do the
trick, however it is not yet very polished and might need some twicking.
Cheers,
Denis
2) pros: open source, certified, stable, java
cons: documentation is not foolproof. in our company there
is no ldap specialist, only basic knowledge is there.
when we tried to synchronize MS Active Directory with
ADS the docs where too confusing (for us fools)
documentation could show more examples
3) dont eve know what i could do already. as with 2: we
need to sync different user stores into one directory
(LDAP, from MySql DB, from Oracle DB) and then
replicate / mirror this one
i ve seen such features with penrose ldap solution
but i have not done an evaluation yet
4) we are commercial, selling a java framework (rcp, webapps)
currently the plan is to use ADS for inhouse administration
and later integrate it into the our secure-server
5) just go on please :)
regards
ossi
Emmanuel Lecharny schrieb:
Hi !
This is the very beginning of 2008, and we are all working hard to get
a
2.0 out in the next few months. At this point, we think it's a good
timing to get some feedback from you, users and developpers ! Here is a
short list of question you may answer, but this is very up to you. We
don't need names ( "I'm working for company XYZ" ), this is just
informational.
*Keep in mind that those informations will appear on the
Apache ML and many other, so if you think that any confidential piece
of
it should not be disclose, then don't answer !*
1) What are you using ADS for ? Is it in production, used to do some
tests during developpement, or simply as a toy ?
2) What are the Pros and Cons you clearly see ?
3) What would be the major features or improvement you are expecting to
see in the near future ?
4) Are you a commercial entity, an non-for profit organization, an
Apache project, a student or an individual just interested in the
techno
? (no name needed)
5) Any other opinion or feedback you would like to share with us ?
Thank you all for helping us being more aware !
--
Denis Cardon
Tranquil IT Systems
44 bvd des pas enchantés
44230 Saint Sébastien sur Loire
tel : +33 (0) 2.40.97.62.67
http://www.tranquil-it-systems.fr
--
Denis Cardon
Tranquil IT Systems
44 bvd des pas enchantés
44230 Saint Sébastien sur Loire
tel : +33 (0) 2.40.97.62.67
http://www.tranquil-it-systems.fr
