directory-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ossi petz <>
Subject Re: [Feedback needed] ADS pros and cons ?
Date Wed, 23 Jan 2008 17:03:19 GMT
Hallo everyone!

i was happy getting ldap, hearing about kerberos is even better :)

i did not want to draw the active directory replacement picture. 
actually using exchange, windows clients, sharepoint... there is a need 
for an active directory when using windows. just for easy living.

what we encountered: we need the same ldap structure at different 
locations that do not only contain the users with windows logins. we 
have a custom made CRM and sometimes someone turns from 'interested' 
into 'customer'. so he will need a useraccount in different tools. 
currently this is all done manually.

my vision was: sync apacheDS with actice directory. from there use the 
wiki, the dms, the crm and so on with apacheDS. and then mirror it to 
the other company sites or the cms / forum.

the only thing all tools have in common is ldap authentication. and 
accessing apacheDS for java people looks much more promising than using 
active directory as the master (which cannot be easily deployed with 
java apps too)

and well it all looks blody complicated. makes it interesting somehow.

well. thanks for paying attention :)



Emmanuel Lecharny schrieb:
> Hi Denis !
>> My fault, I have only been looking at the ldap part of apache 
>> directory... 
> No problem at all ! At least, it demonstrates that we need to improve a 
> lot the documentation :)
>> I defininitly shall try the kerberos/dns/dhcp part of ApacheDS. 
>> Currently I'm using heimdal, bind and isc dhcp server on ldap backend 
>> (openldap), and looking for better solution, that's why I'm following 
>> this list. I didn't realized I could already get all of it bundled in 
>> ApacheDS! I'll try to accomodate for a few hours to roll out a test 
>> bench.
> Don't blame me if you have problems while doing such an experiment ;) 
> This is a very early bird, and it needs a lot of work to be able to use 
> it smoothly... Any feedback will help, of course !
>>> And when it comes to LDAP server compliance, please just read this : 
>>> So we think that ADS could stands for an active directory 
>>> replacement. Even if you just need the ldap part.
>> Sorry I think I misrepresented my point. I don't claim that ActiveDS 
>> is a good, bad or better LDAP server. I just wanted to point out that 
>> ActiveDS is not just an ldap server. 
> I dodn't want to say that AD is a bad piece of techno either. I just 
> wanted to point to this very interesting paper written by our friends at 
> OpenLdap (which is a really good LDAP server btw!)
> Anyway, replacing AD by another LDAP server is not that easy, if you 
> consider that AD is a major element of the Window$(tm) system.
>> The fact that it is much more than an ldap server makes it one of the 
>> most difficult part of proprietary stuff to get out of a IT 
>> infrastructure... What a pain !
> indeed :)
> Thanks Denis !

View raw message