Denis Cardon wrote:
>> Forgive me for correcting you here but ApacheDS has a DNS and Kerberos
>> service embedded inside. ApacheDS is not only an LDAP server.
>
> thanks for the input, Emmanuel already briefed me on that and I expect
> to roll out a test bench once I manage to get a few hours off.

Don't worry, we usually process mail FIFO, so Alex might have replied before having read my answer ;) Anyway, it's a good point that we are on the same page!

>> Also MS ActiveDirectory as a process just services LDAP requests (not
>> fully compliant but it works). Another separate process actually
>> handles the Kerberos requests as the AS and TGTS. Also the DNS service
>> is a different service as well. So no MS ActiveDirectory is not all
>> these things in one.
>
> Actually it is just a war of words. On its web site MS says (among
> other things :-) "Active Directory provides: (...) Information
> security and single sign-on for user access to network resources". So
> I guess Kerberos is considered part of ActiveDS

In fact, it's not. The Kerberos service is run beside AD, and uses AD as a repository (which makes sense). The ADS Kerberos server is, on the contrary, running in the same process as the LDAP server.

http://msdn2.microsoft.com/en-us/library/aa378170(VS.85).aspx

>> I think you might have been referring to a Windows 200X Server being
>> replaced by the components you listed?
>
> In my daily business I carry out migration to FOSS systems (both
> servers and desktop/thin clients). Currently one of the unremovable
> pieces of software in a Windows environment is the Domain Controller
> (unless it is NT4 based, which is still quite common in French SMBs).
>
> Many people assume that, because the FOSS world provides first grade ldap
> servers, it may be possible to replace an ActiveDS. I just wanted to
> underline that it is not that simple...

Damn not ...
Thanks to M$ AD which is not really LDAP compliant, and to the thousands of specific ObjectClasses and AttributeTypes they added to make it more difficult ;)

--
cordialement, regards,
Emmanuel Lécharny
www.iktek.com
directory.apache.org