On 7/11/12 3:50 PM, Tillinghast, Andrew P. wrote:
This seems a straightforward question but looking back through the archives I
don't see it asked in the last year - in October there was a similar question
but not quite what I want to know.


I need to set up a production LDAP solution and I'm looking for guidance on the
version of apacheDS to implement.

First of all the last version that was marked as "Stable" is 1.0.2 from May of
2007, all the 1.5.x versions are identified as "unstable" - Usually production
and unstable aren't a good combination.

Stable meant (back then) that the API was not supposed to evolve. In 1.5, the API has evolved a lot between each minor version (i.e., from 1.5.0 to 1.5.1, from 1.5.1 to 1.5.2, etc.).

In any case, it has nothing to do with the 'stability' of the server: the tests we run are the same, and we don't release unless all the tests are passing. The risk for the user is that you install version X (unstable), then a version X+1 is released, but in order to upgrade, you may have to export the data and import them again, plus some new features have been added, and some others have been deprecated.

But more or less, I can tell that the choice we have made (going for stable/unstable versions) was *wrong*. This is why we moved from 1.5.7 to 2.0-Mx.

I completely understand that the 2.0.0 milestone releases are beta - also not
usually good for production.
Yep.

Unfortunately, for a production implementation there are features missing from
the 1.5.x versions that I consider extremely important, specifically
multi-master replication.
Yep, we do consider that those are missing features.

Besides stability of a beta release the other key issue I see with the 2.0.0
releases is that the documentation is still sparse, completely reasonable for a
beta version but will make implementation more of a challenge.
Yep.

I'm leaning towards ApacheDS because the product is Java based, seems to have a
great feature set, and I've had a good history with Apache projects, but I'm
willing to look at switching to another LDAP solution if ApacheDS isn't ready
for our needs.
Totally makes sense. I mean, we could tell you that ApacheDS is perfect, and to some respect, this is what many vendors are doing : they market their product as version X.Y.Z, and fix bugs on the fly. We don't. We prefer going for milestones until we have a production ready server, even if it takes years...
Quality rules here.



To give an idea of our production needs:

We are a high education institution with about 2,500 Staff, Students and 
Faculty.
We have approximately 30,000 alumni that continue to have access to various
systems through CAS.
We are completely revamping our IAM implementation from AD, Custom scripts and
CAS to a central Identity vault (where we see apacheDS in the system) fed by
SPML from our ERP, integrated with Grouper, CAS, Shibboleth, Federated Identity,
Kerberos and Guest registration through OpenRegistry.
Desired to be in production by the 13th of August, and I'm the only technical
person tasked with the implementation.
Frankly? Use ApacheDS for tests and development. In production, go for OpenLDAP atm. They do have everything, except that it's not Java based.

I would *love* telling you that ApacheDS is what you should use in this very limited time frame, but that would be a lie. I'd rather disappoint you now telling you that we are not production ready for such a usage than letting you discover it by yourself, and being pissed off in August!


--
Regards,
Cordialement,
Emmanuel Lécharny
www.iktek.com
