From users-return-1150-apmail-directory-users-archive=directory.apache.org@directory.apache.org Wed Jan 23 19:31:21 2008 Return-Path: Delivered-To: apmail-directory-users-archive@www.apache.org Received: (qmail 77796 invoked from network); 23 Jan 2008 19:31:21 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 23 Jan 2008 19:31:21 -0000 Received: (qmail 16637 invoked by uid 500); 23 Jan 2008 19:31:11 -0000 Delivered-To: apmail-directory-users-archive@directory.apache.org Received: (qmail 16615 invoked by uid 500); 23 Jan 2008 19:31:11 -0000 Mailing-List: contact users-help@directory.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: users@directory.apache.org Delivered-To: mailing list users@directory.apache.org Received: (qmail 16603 invoked by uid 99); 23 Jan 2008 19:31:11 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 23 Jan 2008 11:31:11 -0800 X-ASF-Spam-Status: No, hits=2.0 required=10.0 tests=HTML_MESSAGE,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of akarasulu@gmail.com designates 209.85.146.176 as permitted sender) Received: from [209.85.146.176] (HELO wa-out-1112.google.com) (209.85.146.176) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 23 Jan 2008 19:30:44 +0000 Received: by wa-out-1112.google.com with SMTP id m38so5525001waf.5 for ; Wed, 23 Jan 2008 11:30:50 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:sender:to:subject:in-reply-to:mime-version:content-type:references:x-google-sender-auth; bh=6UFIX0cIaEcjbtNa8yjXDBir1QXXDeZerXgMNLH3Jhc=; b=FpPYXcinewgWgN+l6n81ccjvM3MV3WH3tSdK3KimlprKThPOKUbh/n3KvOclkGLrtHOAe/bEVXkPxQlZmqVuOSpKUex9W3+GfBK2zq4h7uBndLJA0rixGXj/GND1xZWQgX0FrVYF7DRTnEsmYcOh5CIm/GWilu9aPLdriN6HkAk= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:sender:to:subject:in-reply-to:mime-version:content-type:references:x-google-sender-auth; b=uhdC7SJDzj5F32lbPOSbCxyWPscsR4rM3VpSTgPHpMkBHGXUjoYMb31xhKY83ypXlpk/UiFMoo2n2pbo8qVQ/nAX9QQbnOhqQjX4+edNOizHn2LerlbYj2pP244N5CLkvqw5F7ovjJ9KeaFCBGF7E+Z3L0mNZX/AvJsSyhhZ2GA= Received: by 10.114.52.1 with SMTP id z1mr9102798waz.123.1201116649801; Wed, 23 Jan 2008 11:30:49 -0800 (PST) Received: by 10.115.18.12 with HTTP; Wed, 23 Jan 2008 11:30:49 -0800 (PST) Message-ID: Date: Wed, 23 Jan 2008 14:30:49 -0500 From: "Alex Karasulu" Sender: akarasulu@gmail.com To: users@directory.apache.org Subject: Re: [Feedback needed] ADS pros and cons ? In-Reply-To: <479785D3.80904@tranquil-it-systems.fr> MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_Part_29377_18015736.1201116649788" References: <47824C87.8030909@gmail.com> <47970BF8.2030700@tranquil-it-systems.fr> <479785D3.80904@tranquil-it-systems.fr> X-Google-Sender-Auth: 8e2424941d610b3b X-Virus-Checked: Checked by ClamAV on apache.org ------=_Part_29377_18015736.1201116649788 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Content-Disposition: inline Aye there's too much marketing messing up reality you're right. Forgive me for not seeing Emmanuel's posts earlier. Alex On Jan 23, 2008 1:22 PM, Denis Cardon wrote: > Hi Alex, > > > Forgive me for correcting you here but ApacheDS has a DNS and Kerberos > > service embedded inside. ApacheDS is not only an LDAP server. > > thanks for the input, Emmanuel already briefed me on that and I expect > to roll out a test bench once I manage to get a few hours off. > > > Also MS ActiveDirectory as a process just services LDAP requests (not > fully > > compliant but it works). Another separate process actually handles the > > Kerberos requests as the AS and TGTS. Also the DNS service is a > different > > service as well. So no MS ActiveDirectory is not all these things in > one. > > Actually it is just a war of words. On its web site MS says (among other > things :-) "Active Directory provides: (...) Information security and > single sign-on for user access to network resources". So I guess > Kerberos is considered part of ActiveDS (I also doubled checked with > some MCSE people about this wording). Ref : > > http://technet2.microsoft.com/WindowsServer/en/library/6f8a7c80-45fc-4916= -80d9-16e6d46241f91033.mspx?mfr=3Dtrue > > Granted I've not checked at the process level though to see how they > named all that stuff :-) > > > I think you might have been referring to a Windows 200X Server being > > replaced by the components you listed? > > In my daily business I carry out migration to FOSS systems (both servers > and desktop/thin clients). Currently one of the unremoveble piece of > software in a Windows environnement is the Domain Controler (unless it > is NT4 based, which is still quite common in French SMBs). > > Many people asume that, because FOSS world provide first grade ldap > servers, it may be possible to replace an ActiveDS. I just wanted to > underline that it is not that simple... > > > I may be wrong though hopefully someone can clarify. > > I hope I did clarify my former statement :-) > > Cheers, > > Denis > > > > > Regards, > > Alex > > > > > > On Jan 23, 2008 4:42 AM, Denis Cardon < > denis.cardon@tranquil-it-systems.fr> > > wrote: > > > >> Hi Ossi, > >> > >>> 1) we currently use ADS for experiments, we plan to replace MS Active > >>> Directory Server with a more open LDAP Server > >> actually Active Directory is more than just a ldap server. It bundles = a > >> customified ldap server, a kerberos server, a dns server, and some ms > >> rpc stuff. So apache directory server could not, by itself stands for > an > >> active directory replacement (unless the only thing you need is the > ldap > >> part). > >> > >> Open source projects are getting close to a replacement of ActiveDS, > and > >> bundling ApacheDS + Samba4alpha3 + Bind/sdb_ldap should almost do the > >> trick, however it is not yet very polished and might need some > twicking. > >> > >> Cheers, > >> > >> Denis > >> > >> > >>> 2) pros: open source, certified, stable, java > >>> cons: documentation is not foolproof. in our company there > >>> is no ldap specialist, only basic knowledge is there. > >>> when we tried to synchronize MS Active Directory with > >>> ADS the docs where too confusing (for us fools) > >>> > >>> documentation could show more examples > >>> > >>> 3) dont eve know what i could do already. as with 2: we > >>> need to sync different user stores into one directory > >>> (LDAP, from MySql DB, from Oracle DB) and then > >>> replicate / mirror this one > >>> > >>> i ve seen such features with penrose ldap solution > >>> but i have not done an evaluation yet > >>> > >>> 4) we are commercial, selling a java framework (rcp, webapps) > >>> currently the plan is to use ADS for inhouse administration > >>> and later integrate it into the our secure-server > >>> > >>> 5) just go on please :) > >>> > >>> > >>> regards > >>> > >>> ossi > >>> > >>> > >>> > >>> Emmanuel Lecharny schrieb: > >>>> Hi ! > >>>> > >>>> This is the very beginning of 2008, and we are all working hard to > get > >> a > >>>> 2.0 out in the next few months. At this point, we think it's a good > >>>> timing to get some feedback from you, users and developpers ! Here i= s > a > >>>> short list of question you may answer, but this is very up to you. W= e > >>>> don't need names ( "I'm working for company XYZ" ), this is just > >>>> informational. > >>>> > >>>> *Keep in mind that those informations will appear on the > >>>> Apache ML and many other, so if you think that any confidential piec= e > >> of > >>>> it should not be disclose, then don't answer !* > >>>> > >>>> 1) What are you using ADS for ? Is it in production, used to do some > >>>> tests during developpement, or simply as a toy ? > >>>> > >>>> 2) What are the Pros and Cons you clearly see ? > >>>> > >>>> 3) What would be the major features or improvement you are expecting > to > >>>> see in the near future ? > >>>> > >>>> 4) Are you a commercial entity, an non-for profit organization, an > >>>> Apache project, a student or an individual just interested in the > >> techno > >>>> ? (no name needed) > >>>> > >>>> 5) Any other opinion or feedback you would like to share with us ? > >>>> > >>>> Thank you all for helping us being more aware ! > >>>> > >> > >> -- > >> Denis Cardon > >> Tranquil IT Systems > >> 44 bvd des pas enchant=E9s > >> 44230 Saint S=E9bastien sur Loire > >> tel : +33 (0) 2.40.97.62.67 > >> http://www.tranquil-it-systems.fr > >> > >> > >> > > > > > -- > Denis Cardon > Tranquil IT Systems > 44 bvd des pas enchant=E9s > 44230 Saint S=E9bastien sur Loire > tel : +33 (0) 2.40.97.62.67 > http://www.tranquil-it-systems.fr > > > ------=_Part_29377_18015736.1201116649788--