directory-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Alex Karasulu" <akaras...@apache.org>
Subject Re: [Feedback needed] ADS pros and cons ?
Date Wed, 23 Jan 2008 19:30:49 GMT
Aye there's too much marketing messing up reality you're right.  Forgive me
for not seeing Emmanuel's posts earlier.

Alex

On Jan 23, 2008 1:22 PM, Denis Cardon <denis.cardon@tranquil-it-systems.fr>
wrote:

> Hi Alex,
>
> > Forgive me for correcting you here but ApacheDS has a DNS and Kerberos
> > service embedded inside.  ApacheDS is not only an LDAP server.
>
> thanks for the input, Emmanuel already briefed me on that and I expect
> to roll out a test bench once I manage to get a few hours off.
>
> > Also MS ActiveDirectory as a process just services LDAP requests (not
> fully
> > compliant but it works).  Another separate process actually handles the
> > Kerberos requests as the AS and TGTS.  Also the DNS service is a
> different
> > service as well.  So no MS ActiveDirectory is not all these things in
> one.
>
> Actually it is just a war of words. On its web site MS says (among other
> things :-) "Active Directory provides: (...) Information security and
> single sign-on for user access to network resources". So I guess
> Kerberos is considered part of ActiveDS (I also doubled checked with
> some MCSE people about this wording). Ref :
>
> http://technet2.microsoft.com/WindowsServer/en/library/6f8a7c80-45fc-4916-80d9-16e6d46241f91033.mspx?mfr=true
>
> Granted I've not checked at the process level though to see how they
> named all that stuff :-)
>
> > I think you might have been referring to a Windows 200X Server being
> > replaced by the components you listed?
>
> In my daily business I carry out migration to FOSS systems (both servers
> and desktop/thin clients). Currently one of the unremoveble piece of
> software in a Windows environnement is the Domain Controler (unless it
> is NT4 based, which is still quite common in French SMBs).
>
> Many people asume that, because FOSS world provide first grade ldap
> servers, it may be possible to replace an ActiveDS. I just wanted to
> underline that it is not that simple...
>
> > I may be wrong though hopefully someone can clarify.
>
> I hope I did clarify my former statement :-)
>
> Cheers,
>
> Denis
>
> >
> > Regards,
> > Alex
> >
> >
> > On Jan 23, 2008 4:42 AM, Denis Cardon <
> denis.cardon@tranquil-it-systems.fr>
> > wrote:
> >
> >> Hi Ossi,
> >>
> >>> 1) we currently use ADS for experiments, we plan to replace MS Active
> >>> Directory Server with a more open LDAP Server
> >> actually Active Directory is more than just a ldap server. It bundles a
> >> customified ldap server, a kerberos server, a dns server, and some ms
> >> rpc stuff. So apache directory server could not, by itself stands for
> an
> >> active directory replacement (unless the only thing you need is the
> ldap
> >> part).
> >>
> >> Open source projects are getting close to a replacement of ActiveDS,
> and
> >> bundling ApacheDS + Samba4alpha3 + Bind/sdb_ldap should almost do the
> >> trick, however it is not yet very polished and might need some
> twicking.
> >>
> >> Cheers,
> >>
> >> Denis
> >>
> >>
> >>> 2) pros: open source, certified, stable, java
> >>>    cons: documentation is not foolproof. in our company there
> >>>      is no ldap specialist, only basic knowledge is there.
> >>>      when we tried to synchronize MS Active Directory with
> >>>      ADS the docs where too confusing (for us fools)
> >>>
> >>>      documentation could show more examples
> >>>
> >>> 3) dont eve know what i could do already. as with 2: we
> >>>    need to sync different user stores into one directory
> >>>    (LDAP, from MySql DB, from Oracle DB) and then
> >>>    replicate / mirror this one
> >>>
> >>>    i ve seen such features with penrose ldap solution
> >>>    but i have not done an evaluation yet
> >>>
> >>> 4) we are commercial, selling a java framework (rcp, webapps)
> >>>    currently the plan is to use ADS for inhouse administration
> >>>    and later integrate it into the our secure-server
> >>>
> >>> 5) just go on please :)
> >>>
> >>>
> >>> regards
> >>>
> >>> ossi
> >>>
> >>>
> >>>
> >>> Emmanuel Lecharny schrieb:
> >>>> Hi !
> >>>>
> >>>> This is the very beginning of 2008, and we are all working hard to
> get
> >> a
> >>>> 2.0 out in the next few months. At this point, we think it's a good
> >>>> timing to get some feedback from you, users and developpers ! Here is
> a
> >>>> short list of question you may answer, but this is very up to you. We
> >>>> don't need names ( "I'm working for company XYZ" ), this is just
> >>>> informational.
> >>>>
> >>>> *Keep in mind that those informations will appear on the
> >>>> Apache ML and many other, so if you think that any confidential piece
> >> of
> >>>> it should not be disclose, then don't answer !*
> >>>>
> >>>> 1) What are you using ADS for ? Is it in production, used to do some
> >>>> tests during developpement, or simply as a toy ?
> >>>>
> >>>> 2) What are the Pros and Cons you clearly see ?
> >>>>
> >>>> 3) What would be the major features or improvement you are expecting
> to
> >>>> see in the near future ?
> >>>>
> >>>> 4) Are you a commercial entity, an non-for profit organization, an
> >>>> Apache project, a student or an individual just interested in the
> >> techno
> >>>> ? (no name needed)
> >>>>
> >>>> 5) Any other opinion or feedback you would like to share with us ?
> >>>>
> >>>> Thank you all for helping us being more aware !
> >>>>
> >>
> >> --
> >> Denis Cardon
> >> Tranquil IT Systems
> >> 44 bvd des pas enchantés
> >> 44230 Saint Sébastien sur Loire
> >> tel : +33 (0) 2.40.97.62.67
> >> http://www.tranquil-it-systems.fr
> >>
> >>
> >>
> >
>
>
> --
> Denis Cardon
> Tranquil IT Systems
> 44 bvd des pas enchantés
> 44230 Saint Sébastien sur Loire
> tel : +33 (0) 2.40.97.62.67
> http://www.tranquil-it-systems.fr
>
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message