


Red Hat Opens Netscape Directory
suezz writes "Eweek is running a story that Redhat is releasing Netscape Directory (LDAP) under the GPL - this is huge at least from my point of view. I know of at least two huge companies that have standardized on Netscape Directory for their web applications."
Re:This was an expensive ordeal... (Score:4, Informative)
Goodness, that is a lot of money.
Re:What's ND have that OpenLDAP doesnt? (Score:4, Informative)
Speed, and certain enterprise features like multi-master replication if I remember correctly. It's been a while since Netscape dropped off everyone's radar, and I know they continued work on it after iPlanet broke up.
You can compare them using SLAMD. www.slamd.com
Re:Comparison (Score:2, Informative)
Re:This was an expensive ordeal... (Score:5, Informative)
Re:This was an expensive ordeal... (Score:2, Informative)
Now the CIO knows he/she can buy Red Hat "Professional"
Re:What's ND have that OpenLDAP doesnt? (Score:4, Informative)
Regards,
Steve
Re:This was an expensive ordeal... (Score:2, Informative)
Now that Novell own SuSE I expect eDirectory to be the number one Linux LDAP compliant directory available.
Where are they now? (Score:2, Informative)
Where are the other bits of software that once was Netscape Suitespot?
Netscape Calendar was not actually developed by Netscape, but was a version of CS&T's CorporateTime system. CS&T later renamed to Steltor, and is now part of Oracle, CorporateTime forming a large part of their collaboration suite.
Both Netscape and Sun got copies of everything when iPlanet split. Sun still develops and sells them, first as Sun ONE, now as Java Enterprise System. Netscape tried to keep development going for a while, but it kind of stagnated (much in the same way that the Netscape browser stopped moving after the AOL acquisition).
Redhat also got Certificate Server and Enterprise Server (the web server) as part of their deal, see http://www.redhat.com/software/rha/netscape/ [redhat.com] for more.
So where is the other Netscape software? I'm mostly talking about Messaging Server, which is an awesome piece of software, and Collabra Server, which .. isn't. Presumably they're still kicking around in a CVS in the depths of AOL somewhere. Anybody else know anything?
Re:What's ND have that OpenLDAP doesnt? (Score:5, Informative)
Fwiw, I did install a Netscape Directory Server on a HP-UX 11 machine, not that long ago. It was reasonably straightforward, except in that I had to install a number of OS patches and muck around with kernel parameters.
(Btw, what is it with these big proprietary apps that always want to change your kernel parameters? What on earth does Oracle need 2GB of shared memory for? And 64K file descriptors per process? That's beyond ridiculous. That sounds dangerously like extremely sloppy programming inside the product.)
But I digress. My point is that installing and configuring NDS is not hard, but nothing like "soo but soo easy" either (e.g., a far, far cry from "apt-get install slapd").
Enabling SSL is a PITA if you don't have the Netscape Certificate Server (which I didn't). It involves all manner of funky maneuvering with OpenSSL and some tools that you have to fetch from some obscure page at mozilla.org.
Management is more or less the same as with OpenLDAP, which is to say that it mostly depends on how good or bad your LDAP client tools are. In fairness, I hear the Netscape client is nice. I couldn't use it because the damn thing runs on Windows and I was not about to install that on my laptop just to see a stupid LDAP client.
Replication is probably better than OpenLDAP, though I haven't yet had a chance to try it on either one.
As for big environments with many users and clients, until today I would have gone with OpenLDAP (or, if a PHB just had to see a lot of money spent in this, with Novell or Microsoft's directories). That's because nobody had source code to NDS and it was all but discontinued from the vendor. You don't want to find yourself in a position where you know there's a bug in the software, but you can't fix it and your vendor won't because they discontinued the product (and are pretty much out of business themselves, anyway).
Anyway. This is good news, certainly. Though I mostly hope there are parts and components that can be salvaged into slapd.
Re:Enterprise Solutions (Score:3, Informative)
Did RedHat get rights to Netscape Calendar? I thought that was all sold to Steltor as Steltor CorporateTime [steltor.com] before it all got gobbled-up by Oracle and became Oracle Collaboration Suite's Oracle Calendar [oracle.com]. The only reason I know this is because my company was a legacy Steltor CorporateTime customer and we recently completed an upgrade to Oracle Calendar as support was about to expire on the Steltor product.
If Netscape Calendar was open-sourced, perhaps I could better understand the proprietary database backend used with it.
What do you know, it ain't dead yet... (Score:3, Informative)
I feel that this may be karmic retribution for Sun railroading us into having to use ^$@#%$&ing pkgadd, instead of those lovely tarball installs of yore, where it all installed into a single directory that I could tar up, or simply blow away if it screwed up... ah, the days of control...
But then, in the short term, the only way that I can see Netscape Directory Server making it into the enterprises that I deal with daily is if it comes bundled or as a dependency for some very well-trusted and established open source app, like maybe a CMS or something such as Bugzilla, or SVN. As an "Enterprise Directory" (ooh aah) it will be a long time before this version could compete, if ever -- everybody wants a stack, these days.
Still, it could be interesting leverage for the big Sun clients who are actually paying for the SJS Directory Server. I think this is the final stage of the commoditization of the animal that is a directory server... damn, I owe a certain Burton Group analyst a beer now...
(-:
Pixie
Re:What's ND have that OpenLDAP doesnt? (Score:4, Informative)
* multi-master replication (up to 4 servers)
* very, VERY extensive plugin interface
* useful access logging and log file analysers
* SNMP reporting
* configuration under cn=config branch (updatable over LDAP)
* you can take backups by sending commands over LDAP
And it's fast as hell, compared to OpenLDAP.
Re:Now if only it had Hula's calendaring and email (Score:1, Informative)
BFD...the IBM LDAP Server has *always* been free (Score:4, Informative)
IBM has licensed its enterprise-class LDAP directory server software free of charge for over 5 years now.
Yep, free. Go to ibm.com and download it for yourself. Anyone. For any purpose.
http://www-306.ibm.com/software/tivoli/products/d
It's currently under the Tivoli brand, going as the IBM Tivoli Directory Server v6.0.
Not only does it pack all the bells and whistles of other enterprise LDAP directories, such as multimaster and cascaded replication models, but instead of flat files it *includes* IBM DB2 UDB enterprise edition database (also licensed free of charge) for its data storage. I've seen the comparative test results, and nothing touches this solution for performance and scalability.
It runs on just about anything, too...including Linux on non-x86 hardware.
And they've always GIVEN it away. Free download.
So, someone explain again WHY any company of any size would PAY for an LDAP solution, or why RedHat giving away Netscape Directory is big news?
SUN ONE not quite direct descendent. (Score:4, Informative)
SUN acquired the Netscape Code in partnership with AOL and also bought Innosoft. SUN's Directory 4.x servers are the Netscape code, 5.x are Innosoft.
Having said that I have happily tested both servers with 4 million entries on a fairly small box and run 500K entries in production. We managed uptimes of in excess of a year on some of our 4.x servers running over a million queries a day, not so bad.
Re:This was an expensive ordeal... (Score:2, Informative)
Re:What's ND have that OpenLDAP doesnt? (Score:2, Informative)
I know LDAP very well and have worked with many different servers but trying to find the exactly correct version of openldap to support properly secured passwords for samba manager and root in the DIB was a nightmare. I eventually gave up and had to go back to the security requirements phase to get around it.
As for hoping to train up the less experienced admins on the system, I was pretty sure that would never be possible.
Re:This was an expensive ordeal... (Score:2, Informative)
Re:Comparison (Score:2, Informative)
As of iPlanet 5.1 (before re-branding) you could do 2 way multi-master replication (with schema replication, etc etc etc) and with Sun ONE 5.2 (post-rebranding) you can do true attribute-based multi-master replication.
eDirectory has a MAJOR fault where the thread processing a BIND attempt goes to sleep for 3sec to prevent brute force password attacks. In a high traffic environment, 3sec is a damn eternity. Oh yeah, the morons at Novell decided that this is hardcoded into the product and cannot be disabled.
AD is a total joke. Don't even talk about using it in a *real* production environment. Most of the shit is badly documented and is not used by serious retail consumer sites.
You are 100% correct that the eDir replication robustness is the best in the business. If you are serious about a true multi-datacenter environment that is replicated in real-time over a WAN -- eDir is great. Also, the eDir admin console is light years ahead as well -- but who the hell ever uses the GUI to admin a production Directory server??? Sun ONE has EVERY command available via the command line -- and some that the GUI can't even comprehend.
For pure read speed -- not many products can touch Sun ONE when properly tuned (allidthreshold, indexes, etc).
Re:Comparison (Score:3, Informative)
With eDirectory and AD, you can update any server and each server then replicates globally. Each has its own mechanism for reconciling conflicts as changes move across the cloud, each with its own drawbacks (although Novell's is more customisable IMHO). However, in theory, you can have 1000 servers all accepting updates.
When Innosoft launched their DS 5 as was, they took the lead with what they called either failover or standby master. This is the code that SUN bought to build DS 5, and also because they didn't have Smith and Howes who were their lead architects on the iPlanet Directory and gained Mark Wahl, who I think still works for them.
With DS 5.1 and 5.2 you still have failover or standby masters, with 5.2 you can have 4. SUN rebranded these as Multi Master in response to marketing criticism from MS and Novell. However, it is not true multi-master in the sense of eDirectory or AD, most installations use one master for writes and the 2nd/3rd/4th as failovers. There is a two phase commit between masters before updates are sent to hubs and consumers with NO conflict resolution, which you absolutely need if you are running multi master over slow WAN links or the link between masters breaks while both masters are up and you need to reconcile them when the network link returns.
Everything else you write is 100% correct, for all my production environments I use SUN ONE 5.2 SP3 and I think they are the fastest on the planet, serving over 1000 searches per second on very cheap Linux hardware (lots of indexes and allids at around 20% of entry size).
Consoles do suck but people have to learn somewhere, we have written a Web based interface to SSH to command line that manages our global SUN ONE servers but people have to start somewhere and Novell's is much better than SUN ONE.
Re:What's ND have that OpenLDAP doesnt? (Score:3, Informative)
I ran a major Netscape Directory server installation at a major US automaker. As far as I know, it's still running there. Started at 3.0, and was on 5.x when I left.
Netscape's internal replication did indeed suck for a while, where the biggest failure was the inability to emancipate a slave directory and make it a master if the master puked.
I got around that through the brilliantly elegant feature that Netscape had that OpenLDAP did not - the replication ChangeLog was available via LDAP. I actually wrote a program called replicator.pl - that's right, in PERL! - that handled all our replication and made multi-master happen. Later on, when we bought this upstart young German automaker, that program did real-time replication with real-time schema translation between their directory infrastructure and ours.
An early version of that program is available online - it was GPLed - and I have the code for the most up-to-date version if anybody wants it.
Later on, the internal Netscape->Netscape replication got solid enough to the point where it could be relied on, and replicator.pl was phased out except for where schema translation was required.
As for the plugin interface, we actually wound up using this. I'm not going to say what for... but it had to do with the way a certain bit of very important information from the mainframe systems got tied into the directory. We had an "oh shit!" moment, I dove into the plugin documentation, and less than an hour later we had a working solution that solved the problem COLD. Saved our collective asses. You might think it horrible, but it solved the problem.
And as far as speed goes, Netscape handled everything we threw at it. Where eDirectory would just give up and cry, Netscape would go blasting through serving data. It was an awesome bit of work. The Java console sucked, but the server itself was awesome, and Netscape's support was pretty good.
Now I wanted to try OpenLDAP, but the configuration and installation was a PITA, it didn't support Netscape's ACL syntax, nor would it support ACL updates over LDAP, the replication changelog wasn't available over LDAP, and whenever I broached these subjects on the OpenLDAP lists, all I ever got was aggressive and nasty grief. People telling me how what I wanted OpenLDAP to do was stupid.
Whatever. Good on RedHat. I fully expect those speed improvements will migrate into Netscape's server (God Bless the GPL!) and then the world will have speed, ease of use, and hopefully, a more polite developer base all rolled into one place.
DG