
Red Hat Opens Netscape Directory

Posted by samzenpus
from the it's-good-to-share dept.
suezz writes "Eweek is running a story that Red Hat is releasing Netscape Directory (LDAP) under the GPL - this is huge, at least from my point of view. I know of at least two huge companies that have standardized on Netscape Directory for their web applications."
  • by coop0030 (263345) * on Wednesday May 25, 2005 @11:16PM (#12641563) Homepage
    I forgot to mention this in my first post...but if enough customers purchase this by April 30th, Red Hat will have to pay an additional $2.5 million.

    Goodness, that is a lot of money.
  • by Temkin (112574) on Wednesday May 25, 2005 @11:26PM (#12641605)


    Speed, and certain enterprise features like multi-master replication if I remember correctly. It's been a while since Netscape dropped off everyone's radar, and I know they continued work on it after iPlanet broke up.

    You can compare them using SLAMD. www.slamd.com
  • Re:Comparison (Score:2, Informative)

    by Kartoch (38254) on Wednesday May 25, 2005 @11:30PM (#12641628) Homepage
    To add a bit of complexity to this question, I heard that guys from Samba are developing their own LDAP because they are not satisfied with OpenLDAP. Does anyone have more information/opinions about it?
  • by NixLuver (693391) <stwhite @ k c h eretic.com> on Wednesday May 25, 2005 @11:47PM (#12641729) Homepage Journal
    Actually, I'm aware of an installation where a single (fairly robust) sun box is running at 200GB db size and 32 million LDAP entries on SunOne (descendant of the Netscape code). It sucks, but it works. Let's be honest - even the NS directory server is a nightmare to set up beyond the most rudimentary schema. Easier than OpenLDAP, true, but *easy*?
  • by ehvoy (696364) on Wednesday May 25, 2005 @11:49PM (#12641734)
    An active directory-killer is something Linux has needed--that is, one that is easy to set up, and has that MS-like integration. I wonder if they'll include integration with BIND/. Looks like Red Hat is going head-to-head with Microsoft to control the corporate LANscape.

    Now the CIO knows he/she can buy Red Hat "Professional" :) and Red Hat "Server 200x" and set up a "Domain" with it.
  • by LnxAddct (679316) <sgk25@drexel.edu> on Wednesday May 25, 2005 @11:50PM (#12641739)
    Netscape Directory is very very fast and very very easy to install and configure. After using OpenLDAP, I'm sure everyone can agree that it is not worth your sanity just to configure a program :) Netscape Directory makes this all easy, it integrates well and is highly efficient. As I said in another post, the Netscape engineers who coded this (very bright guys) claim that one mid to high end server running Netscape Directory can handle 200,000 clients. This is a huge gain for linux in enterprise.
    Regards,
    Steve
  • by askegg (599634) on Wednesday May 25, 2005 @11:58PM (#12641772)
    Novell eDirectory has been available on Linux for some time and has features Netscape, OpenLDAP, Active Directory and Sun One lack.

    Now that Novell own SuSE I expect eDirectory to be the number one Linux LDAP compliant directory available.
  • Where are they now? (Score:2, Informative)

    by fce2 (819446) on Thursday May 26, 2005 @12:20AM (#12641889) Homepage

    Where are the other bits of software that once was Netscape Suitespot?

    Netscape Calendar was not actually developed by Netscape, but was a version of CS&T's CorporateTime system. CS&T later renamed to Steltor, and is now part of Oracle, CorporateTime forming a large part of their collaboration suite.

    Both Netscape and Sun got copies of everything when iPlanet split. Sun still develops and sells them, first as Sun ONE, now as Java Enterprise System. Netscape tried to keep development going for a while, but it kind of stagnated (much in the same way that the Netscape browser stopped moving after the AOL acquisition).

    Redhat also got Certificate Server and Enterprise Server (the web server) as part of their deal, see http://www.redhat.com/software/rha/netscape/ [redhat.com] for more.

    So where is the other Netscape software? I'm mostly talking about Messaging Server, which is an awesome piece of software, and Collabra Server, which .. isn't. Presumably they're still kicking around in a CVS in the depths of AOL somewhere. Anybody else know anything?

  • by Panoramix (31263) on Thursday May 26, 2005 @12:32AM (#12641938) Homepage

    Fwiw, I did install a Netscape Directory Server on a HP-UX 11 machine, not that long ago. It was reasonably straightforward, except in that I had to install a number of OS patches and muck around with kernel parameters.

    (Btw, what is it with these big proprietary apps that always want to change your kernel parameters? What on earth does Oracle need 2GB of shared memory for? And 64K file descriptors per process? That's beyond ridiculous. That sounds dangerously like extremely sloppy programming inside the product.)

    But I digress. My point is that installing and configuring NDS is not hard, but nothing like "soo but soo easy" either (e.g., a far, far cry from "apt-get install slapd").

    Enabling SSL is a PITA if you don't have the Netscape Certificate Server (which I didn't). It involves all manner of funky maneuvering with OpenSSL and some tools that you have to fetch from some obscure page at mozilla.org.

    Management is more or less the same as with OpenLDAP, which is to say that it mostly depends on how good or bad your LDAP client tools are. In fairness, I hear the Netscape client is nice. I couldn't use it because the damn thing runs on Windows and I was not about to install that on my laptop just to see a stupid LDAP client.

    Replication is probably better than OpenLDAP, though I haven't yet had a chance to try it on either one.

    As for big environments with many users and clients, until today I would have gone with OpenLDAP (or, if a PHB just had to see a lot of money spent in this, with Novell or Microsoft's directories). That's because nobody had source code to NDS and it was all but discontinued from the vendor. You don't want to find yourself in a position where you know there's a bug in the software, but you can't fix it and your vendor won't because they discontinued the product (and are pretty much out of business themselves, anyway).

    Anyway. This is good news, certainly. Though I mostly hope there are parts and components that can be salvaged into slapd.

  • by lactose99 (71132) on Thursday May 26, 2005 @12:35AM (#12641952)
    Now if they would only open source Netscape calendaring...

    Did RedHat get rights to Netscape Calendar? I thought that was all sold to Steltor as Steltor CorporateTime [steltor.com] before it all got gobbled-up by Oracle and became Oracle Collaboration Suite's Oracle Calendar [oracle.com]. The only reason I know this is because my company was a legacy Steltor CorporateTime customer and we recently completed an upgrade to Oracle Calendar as support was about to expire on the Steltor product.

    If Netscape Calendar was open-sourced, perhaps I could better understand the proprietary database backend used with it.
  • by sillypixie (696077) * on Thursday May 26, 2005 @01:00AM (#12642054) Journal
    I feel happy about this.

    I feel that this may be karmic retribution for Sun railroading us into having to use ^$@#%$&ing pkgadd, instead of those lovely tarball installs of yore, where it all installed into a single directory that I could tar up, or simply blow away if it screwed up... ah, the days of control...

    But then, in the short term, the only way that I can see Netscape Directory Server making it into the enterprises that I deal with daily are if it comes bundled or as a dependency for some very well-trusted and established open source app, like maybe a CMS or something such as Bugzilla, or SVN. As an "Enterprise Directory" (ooh aah) it will be a long time before this version could compete, if ever -- everybody wants a stack, these days.

    Still, it could be interesting leverage for the big Sun clients who are actually paying for the SJS Directory Server. I think this is the final stage of the commoditization of the animal that is a directory server... damn, I owe a certain Burton Group analyst a beer now...

    (-:

    Pixie
  • by kauttapiste (633236) on Thursday May 26, 2005 @01:59AM (#12642263)
    Well, throwing some features off the top of my head:

    * multi-master replication (up to 4 servers)
    * very, VERY extensive plugin interface
    * useful access logging and log file analysers
    * SNMP reporting
    * configuration under cn=config branch (updatable over LDAP)
    * you can take backups by sending commands over LDAP

    And it's fast as hell, compared to OpenLDAP.
  • by Anonymous Coward on Thursday May 26, 2005 @04:42AM (#12642701)
    Hula project is funded by Novell. http://hula-project.org/General_FAQ#Relationship_with_Novell [hula-project.org] Don't think that Novell will ever support Netscape Directory when they have a better (eDirectory) alternative. Integration with Openldap might be a possibility. Netscape...doubtful
  • by The Last Gunslinger (827632) on Thursday May 26, 2005 @04:55AM (#12642734)
    Why is this even newsworthy?

    IBM has licensed its enterprise-class LDAP directory server software free of charge for over 5 years now.

    Yep, free. Go to ibm.com and download it for yourself. Anyone. For any purpose.

    http://www-306.ibm.com/software/tivoli/products/directory-server/ [ibm.com]

    It's currently under the Tivoli brand, going as the IBM Tivoli Directory Server v6.0.

    Not only does it pack all the bells and whistles of other enterprise LDAP directories, such as multimaster and cascaded replication models, but instead of flat files it *includes* IBM DB2 UDB enterprise edition database (also licensed free of charge) for its data storage. I've seen the comparative test results, and nothing touches this solution for performance and scalability.

    It runs on just about anything, too...including Linux on non-x86 hardware.

    And they've always GIVEN it away. Free download.

    So, someone explain again WHY any company of any size would PAY for an LDAP solution, or why RedHat giving away Netscape Directory is big news?
  • by alistair (31390) <`moc.padltoh' `ta' `riatsila'> on Thursday May 26, 2005 @05:02AM (#12642760)
    This isn't 100% correct. SUN ONE is a merge of the Netscape Code base with the Innosoft Code base they acquired in around 2001. Both Netscape and Innosoft developed their own directory servers based around the Open LDAP reference installation. What made Innosoft more advanced was its capability for several masters (it's not true multi-master in the sense of eDirectory from Novell or Active Directory but that is no bad thing).

    SUN acquired the Netscape Code in partnership with AOL and also bought Innosoft. SUN's Directory 4.x servers are the Netscape code, 5.x are Innosoft.

    Having said that I have happily tested both servers with 4 million entries on a fairly small box and run 500K entries in production. We managed uptimes of in excess of a year on some of our 4.x servers running over a million queries a day, not so bad.
  • by opos (681974) on Thursday May 26, 2005 @06:16AM (#12642987) Homepage
    But RedHat is not in Silicon Valley. In Raleigh-Durham, $20M is a lot of money. This investment is an interesting move to opening up more resources for the open source community.
  • by krady (2201) on Thursday May 26, 2005 @07:03AM (#12643131)
    Try setting up a proper security architecture for it using SASL and/or TLS to support samba and pam SSO.

    I know LDAP very well and have worked with many different servers but trying to find the exactly correct version of openldap to support properly secured passwords for samba manager and root in the DIB was a nightmare. I eventually gave up and had to go back to the security requirements phase to get around it.

    As for hoping to train up the less experienced admins on the system, I was pretty sure that would never be possible.
  • by askegg (599634) on Thursday May 26, 2005 @08:00AM (#12643327)
    Not true. Novell eDirectory has been proven to scale to at least 1 billion objects [sun.com] in 2000. Administration involved breaking the users into 4 groups of 250,000 each and replicating them between the servers. With Novell's management tools [novell.com], this is trivial.
  • Re:Comparison (Score:2, Informative)

    by ian13550 (697991) on Thursday May 26, 2005 @09:11AM (#12643730)
    Wow -- you should not talk about Sun ONE because you obviously don't know what you are talking about. What version of Sun ONE did you use? 4.x from 1999? Your information is not correct at all and badly outdated.

    As of iPlanet 5.1 (before re-branding) you could do 2 way multi-master replication (with schema replication, etc etc etc) and with Sun ONE 5.2 (post-rebranding) you can do true attribute-based multi-master replication.

    eDirectory has a MAJOR fault where the thread processing a BIND attempt goes to sleep for 3sec to prevent brute force password attacks. In a high traffic environment, 3sec is a damn eternity. Oh yeah, the morons at Novell decided that this is hardcoded into the product and cannot be disabled.

    AD is a total joke. Don't even talk about using it in a *real* production environment. Most of the shit is badly documented and is not used by serious retail consumer sites.

    You are 100% correct that the eDir replication robustness is the best in the business. If you are serious about a true multi-datacenter environment that is replicated in real-time over a WAN -- eDir is great. Also, the eDir admin console is light years ahead as well -- but who the hell ever uses the GUI to admin a production Directory server??? Sun ONE has EVERY command available via the command line -- and some that the GUI can't even comprehend.

    For pure read speed -- not many products can touch Sun ONE when properly tuned (allidthreshold, indexes, etc).
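The comment above describes a failed-bind delay implemented by putting the worker thread to sleep. As an added illustration (not part of the comment, and not code from any directory product), the sketch below shows an alternative in which the delay is stored as a per-client deadline and early retries are refused immediately. The class and function names, the doubling backoff, the 300-second cap and the sample entry are assumptions made for this example.

```python
import hmac
import time


class BindThrottle:
    """Failed-bind backoff keyed on (bind DN, client address).

    Nothing here sleeps: a failure records a deadline, and attempts that
    arrive before it are refused at once, so worker threads stay free.
    """

    def __init__(self, base_delay=3.0, max_delay=300.0, clock=time.monotonic):
        self.base_delay = base_delay      # 3 s, the figure quoted in the comment
        self.max_delay = max_delay        # cap chosen for this example
        self.clock = clock
        self._state = {}                  # key -> (failures, not_before)

    def remaining(self, dn, source):
        """Seconds until this DN/source pair may try again (0.0 = now)."""
        _, not_before = self._state.get((dn.lower(), source), (0, 0.0))
        return max(0.0, not_before - self.clock())

    def record(self, dn, source, success):
        """Update state after a checked bind; return the new delay."""
        key = (dn.lower(), source)
        if success:
            self._state.pop(key, None)
            return 0.0
        failures = self._state.get(key, (0, 0.0))[0] + 1
        delay = min(self.base_delay * 2 ** (failures - 1), self.max_delay)
        self._state[key] = (failures, self.clock() + delay)
        return delay


def handle_bind(throttle, users, dn, source, password):
    """Return an LDAP result-code name for one simple bind attempt."""
    if throttle.remaining(dn, source) > 0:
        return "busy"                     # refused without checking the password
    stored = users.get(dn.lower(), "")
    ok = bool(stored) and hmac.compare_digest(stored.encode(), password.encode())
    throttle.record(dn, source, ok)
    return "success" if ok else "invalidCredentials"


def demo():
    """Replay a constructed sequence of binds against a fake clock."""
    now = [0.0]
    throttle = BindThrottle(clock=lambda: now[0])
    users = {"uid=alice,dc=example,dc=com": "s3cret"}   # constructed sample entry
    dn, bad, other = "uid=alice,dc=example,dc=com", "192.0.2.10", "192.0.2.20"
    script = [(0, bad, "guess1"), (1, bad, "guess2"), (1, other, "s3cret"),
              (4, bad, "guess3"), (9, bad, "s3cret"), (10, bad, "s3cret")]
    results = []
    for t, source, password in script:
        now[0] = float(t)
        results.append(handle_bind(throttle, users, dn, source, password))
    return results
```

Keying on the DN and the client address together keeps one noisy source from locking the legitimate user out from elsewhere; a real deployment would also need to expire old entries so the state table cannot grow without bound.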
  • Re:Comparison (Score:3, Informative)

    by alistair (31390) <`moc.padltoh' `ta' `riatsila'> on Thursday May 26, 2005 @09:55AM (#12644175)
    Hmmm, don't know what I am talking about, 7 years running a team of 8 people implementing a global LDAP service for a Fortune 500 Company, beta tester for SUN ONE versions 5.1 and 5.2 (including being the only person to submit a P1 bug on the 5.2 version) speaker at the RSA Conference Europe on Identity Management in 2003 and accepted for 2005, sorry if I need to dig out my cluestick.

    With eDirectory and AD, you can update any server and each server then replicated globally. Each have their own mechanism for reconciling conflicts as changes move across the cloud, each with their own drawbacks (although Novell's is more customisable IMHO). However, in theory, you can have 1000 servers all accepting updates.

    When Innosoft launched their DS 5 as was, they took the lead with what they called either failover or standby master. This is the code that SUN bought to build DS 5, and also because they didn't have Smith and Howes who were their lead architects on the iPlanet Directory and gained Mark Wahl, who I think still works for them.

    With DS 5.1 and 5.2 you still have failover or standby masters, with 5.2 you can have 4. SUN rebranded these as Multi Master in response to marketing criticism from MS and Novell. However, it is not true multi-master in the sense of eDirectory or AD, most installations use one master for writes and the 2nd/3rd/4th as failovers. There is a two phase commit between masters before updates are sent to hubs and consumers with NO conflict resolution, which you absolutely need if you are running multi master over slow WAN links or the link between masters breaks while both masters are up and you need to reconcile them when the network link returns.

    Everything else you write is 100% correct, for all my production environments I use SUN ONE 5.2 SP3 and I think they are the fastest on the planet, serving over 1000 searches per second on very cheap Linux hardware (lots of indexes and allids at around 20% of entry size).

    Consoles do suck but people have to learn somewhere, we have written a Web based interface to SSH to command line that manages our global SUN ONE servers but people have to start somewhere and Novell's is much better than SUN ONE.
  • by DG (989) on Thursday May 26, 2005 @12:27PM (#12646109) Homepage Journal
    Yeesh....

    I ran a major Netscape Directory server installation at a major US automaker. As far as I know, it's still running there. Started at 3.0, and was on 5.x when I left.

    Netscape's internal replication did indeed suck for a while, where the biggest failure was the inability to emancipate a slave directory and make it a master if the master puked.

    I got around that through the brilliantly elegant feature that Netscape had that OpenLDAP did not - the replication ChangeLog was available via LDAP. I actually wrote a program called replicator.pl - that's right, in PERL! - that handled all our replication and made multi-master happen. Later on, when we bought this upstart young German automaker, that program did real-time replication with real-time schema translation between their directory infrastructure and ours.

    An early version of that program is available online - it was GPLed - and I have the code for the most up-to-date version if anybody wants it.

    Later on, the internal Netscape->Netscape replication got solid enough to the point where it could be relied on, and replicator.pl was phased out except for where schema translation was required.

    As for the plugin interface, we actually wound up using this. I'm not going to say what for... but it had to do with the way a certain bit of very important information from the mainframe systems got tied into the directory. We had a "oh shit!" moment, I dove into the plugin documentation, and less than an hour later we had a working solution that solved the problem COLD. Saved our collective asses. You might think it horrible, but it solved the problem.

    And as far as speed goes, Netscape handled everything we threw at it. Where eDirectory would just give up and cry, Netscape would go blasting through serving data. It was an awesome bit of work. The Java console sucked, but the server itself was awesome, and Netscape's support was pretty good.

    Now I wanted to try OpenLDAP, but the configuration and installation was a PITA, it didn't support Netscape's ACL syntax, nor would it support ACL updates over LDAP, the replication changelog wasn't available over LDAP, and whenever I breached these subjects on the OpenLDAP lists, all I ever got was aggressive and nasty grief. People telling me how what I wanted OpenLDAP to do was stupid.

    Whatever. Good on RedHat. I fully expect those speed improvements will migrate into Netscape's server (God Bless the GPL!) and then the world will have speed, ease of use, and hopefully, a more polite developer base all rolled into one place.

    DG
