Denis Cardon wrote:
Forgive me for correcting you here but ApacheDS has a DNS and Kerberos
service embedded inside. ApacheDS is not only an LDAP server.
thanks for the input, Emmanuel already briefed me on that and I expect
to roll out a test bench once I manage to get a few hours off.
Don't worry, we usually process mail FIFO, so Alex might have replied
before having read my answer ;) Anyway, it's a good point that we are on
the same page !
Also MS ActiveDirectory as a process just services LDAP requests (not
fully
compliant but it works). Another separate process actually handles the
Kerberos requests as the AS and TGTS. Also the DNS service is a
different
service as well. So no MS ActiveDirectory is not all these things in
one.
Actually it is just a war of words. On its web site MS says (among
other things :-) "Active Directory provides: (...) Information
security and single sign-on for user access to network resources". So
I guess Kerberos is considered part of ActiveDS
In fact, it's not. The kerberos service is run beside AD, and use AD as
a repository (which makes sense). ADS kerberos server is on the opposite
running on the same process than the LDAP server.
http://msdn2.microsoft.com/en-us/library/aa378170(VS.85).aspx
I think you might have been referring to a Windows 200X Server being
replaced by the components you listed?
In my daily business I carry out migration to FOSS systems (both
servers and desktop/thin clients). Currently one of the unremoveble
piece of software in a Windows environnement is the Domain Controler
(unless it is NT4 based, which is still quite common in French SMBs).
Many people asume that, because FOSS world provide first grade ldap
servers, it may be possible to replace an ActiveDS. I just wanted to
underline that it is not that simple...
Damn not ... Thanks to M$ AD which is not really LDAP compliant, and to
the thousands of specific ObjectClasses and AttributeType they added to
make it more dificult ;)
--
--
cordialement, regards,
Emmanuel Lécharny
www.iktek.com
directory.apache.org
