directory-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Aleksandar Vidakovic <>
Subject Re: [Feedback needed] ADS pros and cons ?
Date Wed, 23 Jan 2008 17:10:58 GMT
Salut ossi,

just FYI: Penrose ( might
be interesting for your plans... just in case you didn't stumble upon it.



ossi petz wrote:
> Hallo everyone!
> i was happy getting ldap, hearing about kerberos is even better :)
> i did not want to draw the active directory replacement picture.
> actually using exchange, windows clients, sharepoint... there is a need
> for an active directory when using windows. just for easy living.
> what we encountered: we need the same ldap structure at different
> locations that do not only contain the users with windows logins. we
> have a custom made CRM and sometimes someone turns from 'interested'
> into 'customer'. so he will need a useraccount in different tools.
> currently this is all done manually.
> my vision was: sync apacheDS with actice directory. from there use the
> wiki, the dms, the crm and so on with apacheDS. and then mirror it to
> the other company sites or the cms / forum.
> the only thing all tools have in common is ldap authentication. and
> accessing apacheDS for java people looks much more promising than using
> active directory as the master (which cannot be easily deployed with
> java apps too)
> and well it all looks blody complicated. makes it interesting somehow.
> well. thanks for paying attention :)
> regards
> ossi
> Emmanuel Lecharny schrieb:
>> Hi Denis !
>>> My fault, I have only been looking at the ldap part of apache
>>> directory... 
>> No problem at all ! At least, it demonstrates that we need to improve
>> a lot the documentation :)
>>> I defininitly shall try the kerberos/dns/dhcp part of ApacheDS.
>>> Currently I'm using heimdal, bind and isc dhcp server on ldap backend
>>> (openldap), and looking for better solution, that's why I'm following
>>> this list. I didn't realized I could already get all of it bundled in
>>> ApacheDS! I'll try to accomodate for a few hours to roll out a test
>>> bench.
>> Don't blame me if you have problems while doing such an experiment ;)
>> This is a very early bird, and it needs a lot of work to be able to
>> use it smoothly... Any feedback will help, of course !
>>>> And when it comes to LDAP server compliance, please just read this :
>>>> So we think that ADS could stands for an active directory
>>>> replacement. Even if you just need the ldap part.
>>> Sorry I think I misrepresented my point. I don't claim that ActiveDS
>>> is a good, bad or better LDAP server. I just wanted to point out that
>>> ActiveDS is not just an ldap server. 
>> I dodn't want to say that AD is a bad piece of techno either. I just
>> wanted to point to this very interesting paper written by our friends
>> at OpenLdap (which is a really good LDAP server btw!)
>> Anyway, replacing AD by another LDAP server is not that easy, if you
>> consider that AD is a major element of the Window$(tm) system.
>>> The fact that it is much more than an ldap server makes it one of the
>>> most difficult part of proprietary stuff to get out of a IT
>>> infrastructure... What a pain !
>> indeed :)
>> Thanks Denis !

View raw message