Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
Red Hat Software Businesses The Internet

Red Hat Opens Netscape Directory 229

suezz writes " Eweek is running a story that Redhat is releasing Netscape Directory (LDAP) under the GPL - this is huge at least from my point of view. I know of at least two huge companies that have standardized on Netscape Directory for their web applications."
This discussion has been archived. No new comments can be posted.

Red Hat Opens Netscape Directory

Comments Filter:
  • by coop0030 ( 263345 ) * on Wednesday May 25, 2005 @11:07PM (#12641496) Homepage
    Red hat paid $20.5 million for this LDAP. Will they get that in return? Is it possible with this type of software?

  • by stratjakt ( 596332 ) on Wednesday May 25, 2005 @11:08PM (#12641503) Journal
    I think this is a good thing, I'm just honestly curious, having messed around with OpenLDAP, and never really doing much with ND.

    What's the major differences, feature-wise not philosophy-wise (no Free vs free vs Open vs open rants).
  • by Dancin_Santa ( 265275 ) <DancinSanta@gmail.com> on Wednesday May 25, 2005 @11:12PM (#12641529) Journal
    How does this improve my user experience?

    How can using ND make my life, as a user/administrator/purveyor of exotic animals, easier?

    I think that is a useful question to ask any time a "new" feature is presented.
  • by bernywork ( 57298 ) * <bstapleton@@@gmail...com> on Wednesday May 25, 2005 @11:13PM (#12641532) Journal
    From TFA:

    single-authentication, user-identity management and multimaster replication. Also, centralized phone book, employee locator and org-chart tool.

    I would also suggest that the speed complaints that people have with OpenLDAP wouldn't be there.
  • by {X-Frog} ( 122801 ) <cedric&froggystyle,ca> on Wednesday May 25, 2005 @11:14PM (#12641545) Homepage
    I didn't really use both a lot, but I tried to set up an Open LDAP server with some modification to the default templates, it was a fucking HELL to make it works!

    Netscape Directory is sooooooo but soooo easy to install, manage (with a little gui if you want), replicate. It's really important in a big environment with thousands of users and hundreds of servers that really on ldap servers! I would never do that with OpenLDAP!
  • Comparison (Score:5, Interesting)

    by rsax ( 603351 ) on Wednesday May 25, 2005 @11:15PM (#12641553)
    I know this story is going to prompt people wanting to know how the Netscape directory server compares with OpenLDAP. I've never used the Netscape one but what I would really love to know is how does it stack up against Novell eDirectory [novell.com]? eDirectory isn't open source but the licenses are damn cheap, the first 250,000 licenses are free. Any LDAP experts care to share their opinions?
  • Re:Comparison (Score:5, Interesting)

    by deviator ( 92787 ) <bdpNO@SPAMamnesia.org> on Wednesday May 25, 2005 @11:36PM (#12641664) Homepage
    I have to say that while I've not worked with ND, Novell eDirectory (formerly NDS) is a technically brilliant tour de force. It's a really amazing package; multimaster replication; multimaster schema changes; extremely efficient over slow links, unbelieveably secure (and has some really sophisicated extensible authentication systems), works on every platform under the sun, the APIs & developer tools are extremely mature, scales like crazy and runs super-fast, and like the previous poster said, it's CHEAP.

    Anything else, to me, is a weak imitation--but I guess as long as your directory speaks LDAP all is well. Unless it's Active Directory--which is really just a set of "nested" domains with automated trust relationships. And that part makes it a huge pain in the ass to maintain. (The trick to this is to throw an AD domain into eDirectory and have eDirectory manage the whole thing - it is so flexible it can manage _other directories._)

    NDS has always "just worked" - move, rename & merge tasks are super-easy. How does ND handle all of this?

  • by Doktor Memory ( 237313 ) on Wednesday May 25, 2005 @11:38PM (#12641681) Journal
    OpenLDAP is basically an LDAP toolkit. You've got your LDAP server, client libraries, command-line tools... but that's it. What you build with it is up to you, and you're starting from scratch each time pretty much.

    Now, that isn't necessarily a bad thing in and of itself, but when you're trying to bootstrap a real, useful corporate directory service from scratch, it's a hell of a learning curve.

    Netscape/SunONE Directory Server was less hacker-friendly, but it would take you from zero to a functioning directory in about 30 minutes, not including hiring a temp to type in all of the corporate info.

    It had its quirks, and I worry about the codebase being a bit... rotted these days. But I'm happy to see it hitting OSS-land. A little competition for OpenLDAP can only improve matters.
  • Re:Comparison (Score:4, Interesting)

    by ScytheBlade1 ( 772156 ) <scytheblade1@nospAM.averageurl.com> on Wednesday May 25, 2005 @11:39PM (#12641683) Homepage Journal
    It does indeed [samba.org] look like that they're building their own LDAP server. I'd have to search the mailing lists for reasons as to why, but if it's the same quality as their current products, it won't be a let down.
  • by EvilStein ( 414640 ) <spam@nosPAm.pbp.net> on Wednesday May 25, 2005 @11:44PM (#12641705)
    I've used OpenLDAP and Netscape Directory Server. NDS is a *very very very* cool product. It's easy to use, scales like there's no tomorrow (it was the backend for a lot of the older Netscape Netcenter sign on functions) and it's nice & documented. (I still have books for it)

    Red Hat releasing it under the GPL is a good thing, any way that you look at it. Cool product, "big name company" supporting it, and oodles of applications that can already use many of its functions.

    Now, if someone would slurp up Netscape Calendaring Server and release *that* under the GPL..
    If the Netscape SuiteSpot Server suite still existed and was under the GPL, there's your Exchange-killer right there.
  • Re:Comparison (Score:1, Interesting)

    by Anonymous Coward on Wednesday May 25, 2005 @11:52PM (#12641750)
    The earlier question of why Red Hat would do this is answered...The Novell eDirectory is a signficant competitor...It's unlikely that Red Hat would want it to become the de facto LDAP.
  • by gnatware ( 138810 ) <peter@NOSpAM.zingg.name> on Wednesday May 25, 2005 @11:54PM (#12641756)
    Can RH possibly integrate the http://hula-project.org/ [hula-project.org] into this roll out? I would really like to have THE non-M$ directory/email/calendaring system running for my school district: single sign-on and email accounts for teachers, staff, students, parents... with Mac OS X Server directory delegation, Kerberos, etc.

    A killer kombination for Open Source.
  • by Some Random Username ( 873177 ) on Thursday May 26, 2005 @12:06AM (#12641824) Journal
    My first ever experience with LDAP was with openldap, and it took 10 minutes to configure, and then maybe an hour to work out how I wanted my schema, and write an ldif of it to import. Unless it used to be significantly different than it is now, I can't see any way anyone could think its hard to configure.
  • by mrbill ( 4993 ) <mrbill@mrbill.net> on Thursday May 26, 2005 @12:20AM (#12641886) Homepage
    Isn't Sun's Directory Server [sun.com] based off this as well? I thought they'd acquired all the old Netscape stuff back in the Netscape/iPlanet days.
  • LDAP is lightweight (Score:4, Interesting)

    by Sufood ( 861621 ) on Thursday May 26, 2005 @12:35AM (#12641950)
    It's all very well and good to have a lightweight directory system as part of your operating system. However, if Red Hat wants it's identity management system to be more than a lightweight, it should consider asking Netscape to implement more features of the X.500 Directory standard.

    The problem with LDAP is that adding the 'L' (lightweight) to the 'DAP' (directory access protocol) removed many features including, most noticably, proper distribution of data over multiple servers and proper chaining of requests.

    Proper distribution and request chaining protools would allow Linux systems and MS systems to share a perceived common user data store. At the moment, hybrid enterprises are forced to support multiple islands of trust in the organization. It also sets the operational limits of the system to an enterprise/employee rather than a global/customer scale solution.

    Still, it's a good thing that Red Hat is implementing a directory based identity management solution. It's a step in the right direction.

  • by WindBourne ( 631190 ) on Thursday May 26, 2005 @12:45AM (#12641987) Journal
    LDAP has been able to do distribution over multiple servers for some time. The L in LDAP modifies the protocol, not the server software.

    As to directory based ID management, Linux (including Redhat) has had it for eons. You have always had your choice of using kerberos or LDAP or NIS or whatever you like. In fact, I have done some set-ups ~4 years ago where we used LDAP for the ID. It Worked fine.
  • I'm not an oracle dev, but I imagine that given oracle's reputation, they want the server to just work, regardless of load spikes, etc. There could be some unforseen time when you need 64k files open, like doing a massive modification to your database layout. Oracle just wants to make sure that it can do crazy things like that ahead of time, without having the system crash.
  • by dlippolt ( 100881 ) on Thursday May 26, 2005 @02:56AM (#12642456) Homepage
    In the development and staging environments it was great. As other posters mentioned you could get from zero to something usable in less than 30 minutes. Everything was as you would expect.

    However... in the -production- environment, with 10's of millions of ldap objects connected to SprintPCS's provisioning systems which were making 1,000+ ldap writes --a minute-- the SunOne system absolutely blew chunks.

    LDAP architects will ask what the hell we were doing with the entire database in one ldap instance rather than partition the dataset, and they'd be right, but we were acting under Sun's direction since at the time we had one of (if not) the largest LDAPs in the world.

    LDAP architects would also wonder why on earth you would ask an ldap server to live under such a write intensive churn, and they'd be right again.

    That being said...

    -- Multimaster replication would never ever work. Most of the time the entire SprintPCS userbase was hanging off one master and less than 4 replication slaves. For several months the entire messaging system was wedged into a single point of failure nightmare. (to be fair, this wasn't all slapd's fault and had 1/2 of the root cause in Sprint Datacenter practices which produced predictable results [internetnews.com])

    -- Other posters asked for SunOne Calendar server to be opensourced. My first response is to suggest you have your head examined since that thing would die for absolutely no reason on a regular basis. We actually automated the process of detecting its death and restoring from last night's backup. If you were a SprintPCS customer and your calendar ever seemed screwy now you know why. Of course further reflection suggested opensourcing it is probably the only thing that could help at this point because...

    -- We used to get hotfix builds from Sun which were missing entire sections of the binaries. Whoever was managing the code would forget to use the same compilation flags for hotfixes as original code so we would receive webmail frontend builds which couldn't talk to imap backends, or calendar backends which wouldn't accept connections from calendar front ends.

    -- SOL if you wanted to run more than 4G of memory in slapd.

    Dont consider this post a rant, just let any CIO's/etc. reading this know that this opensource release will probably work great for you if you dont load it heavily (unlike exchange 5x, which would grenade just sitting there)

    On the other hand, if you want to push the performance envelope, pretty much expect it to take alot of time and cause a bunch of headaches -in production-. Get help from people who have pushed the performance of the tools you are considering running.

    Weird mood tonight.
  • by hyc ( 241590 ) on Thursday May 26, 2005 @04:34AM (#12642678) Homepage Journal
    Not since 1999-2000. The overall shape is still similar but the internal details have all been reimplemented by the OpenLDAP Project. Today OpenLDAP is miles ahead of Netscape in terms of performance, scalability, and stability.

    See for yourself:

    http://www.stanford.edu/services/directory/openlda p/history/index.html [stanford.edu]

    OpenLDAP 2.0 is slow, snail's pace, frozen molasses slow. That's the release that RedHat has bundled for years, up to RH9 and even beyond. It's only in the past few months that anything from them (Fedora Core) has shipped anything newer.

    OpenLDAP 2.1 is over Two Hundred Times faster than OpenLDAP 2.0 and already significantly faster than Netscape 5. OpenLDAP 2.2 is 30-50% faster than OpenLDAP 2.1 and leaves Netscape in the dust. OpenLDAP 2.3 is faster yet.
  • by hyc ( 241590 ) on Thursday May 26, 2005 @04:49AM (#12642715) Homepage Journal
    re: multi-master - like the SprintPCS guy said a few posts over - prone to failure and database corruption, utterly useless in an enterprise deployment.

    re: plugin interface - OpenLDAP supports both the (incredibly inefficient) Netscape plugin interface and its own (incredibly fast) plugin architecture.

    re: logging - "useful" is a subjective term. Since you don't explain what this means, it's difficult to comment further on it.

    re: SNMP reporting - you're right, this is lacking in OpenLDAP, and for IT purchasers going down the checklist of "must haves" this can be a problem. The NetSNMP package is an easy solution here, especially with all of the information provided by OpenLDAP's cn=monitor. I know of several commercial OpenLDAP deployments where this was an issue at first, but integrating NetSNMP allowed the OpenLDAP deployment to proceed.

    re: cn=config - This is implemented in OpenLDAP 2.3. And it doesn't require a server restart to make new plugin settings and other changes take effect, unlike Netscape/SunOne.

    re: backups via LDAP-initiated commands - this topic actually came up on the openldap-devel mailing list recently. The conclusion was that it was a band-aid Netscape needed for their lame replication mechanism.

    re: fast as hell - OpenLDAP 2.1 beats Netscape into the dirt. OpenLDAP 2.2 is even faster, and scales to large numbers of clients even better. If you still believe Netscape is faster than OpenLDAP, you haven't used a recent release of OpenLDAP.
  • by hyc ( 241590 ) on Thursday May 26, 2005 @05:05AM (#12642768) Homepage Journal
    Sun has backpedaled on Linux so many times; if anyone still considers using SunOne on Linux today they've got to be a complete and total moron.

    (Leaving aside the obvious question of using SunOne for anything at all...)
  • by sceptre1067 ( 197404 ) on Thursday May 26, 2005 @05:42AM (#12642861) Journal
    At the bottom of the page is the download link. It does appear to go to a "free" evaluation/beta copy.

    I didn't download it though, so I don't know what the exact terms of use are.

    The fact that there is a "Buy Now" would suggest that the eval copy is for testing but not production. Just a guess though.
  • by DG ( 989 ) on Thursday May 26, 2005 @06:41AM (#12643064) Homepage Journal
    I ran the Corporate Directory for a major US automaker for a number of years.

    We used Netscape's Directory Server. There were hundreds of apps pointing at it, and the main Internet proxy server used it as the authentication service.

    Over a million objects, hundreds of thousands of searches per day. It might crash once or twice per year, and never corrupted anything.

    The management GUI sucked, but it was an outstanding product in all other respects.


Outside of a dog, a book is man's best friend. Inside of a dog, it is too dark to read.