directory-users mailing list archives

From Denis Cardon <>
Subject Re: [Feedback needed] ADS pros and cons ?
Date Wed, 23 Jan 2008 18:22:11 GMT
Hi Alex,

> Forgive me for correcting you here but ApacheDS has a DNS and Kerberos
> service embedded inside.  ApacheDS is not only an LDAP server.

thanks for the input, Emmanuel already briefed me on that and I expect 
to roll out a test bench once I manage to get a few hours off.

> Also MS ActiveDirectory as a process just services LDAP requests (not fully
> compliant but it works).  Another separate process actually handles the
> Kerberos requests as the AS and TGTS.  Also the DNS service is a different
> service as well.  So no MS ActiveDirectory is not all these things in one.

Actually it is just a war of words. On its web site MS says (among other 
things :-) "Active Directory provides: (...) Information security and 
single sign-on for user access to network resources". So I guess 
Kerberos is considered part of ActiveDS (I also double-checked with 
some MCSE people about this wording). Ref :

Granted I've not checked at the process level though to see how they 
named all that stuff :-)

> I think you might have been referring to a Windows 200X Server being
> replaced by the components you listed?

In my daily business I carry out migrations to FOSS systems (both servers 
and desktop/thin clients). Currently one of the unremovable pieces of 
software in a Windows environment is the Domain Controller (unless it 
is NT4 based, which is still quite common in French SMBs).

Many people assume that, because the FOSS world provides first grade ldap 
servers, it may be possible to replace an ActiveDS. I just wanted to 
underline that it is not that simple...

> I may be wrong though hopefully someone can clarify.

I hope I did clarify my former statement :-)



> Regards,
> Alex
> On Jan 23, 2008 4:42 AM, Denis Cardon <>
> wrote:
>> Hi Ossi,
>>> 1) we currently use ADS for experiments, we plan to replace MS Active
>>> Directory Server with a more open LDAP Server
>> actually Active Directory is more than just a ldap server. It bundles a
>> customified ldap server, a kerberos server, a dns server, and some ms
>> rpc stuff. So apache directory server could not, by itself, stand for an
>> active directory replacement (unless the only thing you need is the ldap
>> part).
>> Open source projects are getting close to a replacement of ActiveDS, and
>> bundling ApacheDS + Samba4alpha3 + Bind/sdb_ldap should almost do the
>> trick, however it is not yet very polished and might need some tweaking.
>> Cheers,
>> Denis
>>> 2) pros: open source, certified, stable, java
>>>    cons: documentation is not foolproof. in our company there
>>>      is no ldap specialist, only basic knowledge is there.
>>>      when we tried to synchronize MS Active Directory with
>>>      ADS the docs were too confusing (for us fools)
>>>      documentation could show more examples
>>> 3) don't even know what i could do already. as with 2: we
>>>    need to sync different user stores into one directory
>>>    (LDAP, from MySql DB, from Oracle DB) and then
>>>    replicate / mirror this one
>>>    i ve seen such features with penrose ldap solution
>>>    but i have not done an evaluation yet
>>> 4) we are commercial, selling a java framework (rcp, webapps)
>>>    currently the plan is to use ADS for inhouse administration
>>>    and later integrate it into our secure-server
>>> 5) just go on please :)
>>> regards
>>> ossi
>>> Emmanuel Lecharny schrieb:
>>>> Hi !
>>>> This is the very beginning of 2008, and we are all working hard to get a
>>>> 2.0 out in the next few months. At this point, we think it's a good
>>>> timing to get some feedback from you, users and developers ! Here is a
>>>> short list of questions you may answer, but this is very up to you. We
>>>> don't need names ( "I'm working for company XYZ" ), this is just
>>>> informational.
>>>> *Keep in mind that this information will appear on the
>>>> Apache ML and many others, so if you think that any confidential piece of
>>>> it should not be disclosed, then don't answer !*
>>>> 1) What are you using ADS for ? Is it in production, used to do some
>>>> tests during development, or simply as a toy ?
>>>> 2) What are the Pros and Cons you clearly see ?
>>>> 3) What would be the major features or improvement you are expecting to
>>>> see in the near future ?
>>>> 4) Are you a commercial entity, a not-for-profit organization, an
>>>> Apache project, a student or an individual just interested in the techno
>>>> ? (no name needed)
>>>> 5) Any other opinion or feedback you would like to share with us ?
>>>> Thank you all for helping us being more aware !
>> --
>> Denis Cardon
>> Tranquil IT Systems
>> 44 bvd des pas enchantés
>> 44230 Saint Sébastien sur Loire
>> tel : +33 (0)

Denis Cardon
Tranquil IT Systems
44 bvd des pas enchantés
44230 Saint Sébastien sur Loire
tel : +33 (0)
