Red Hat Opens Netscape Directory 229
suezz writes " Eweek is running a story that Redhat is releasing Netscape Directory (LDAP) under the GPL - this is huge at least from my point of view. I know of at least two huge companies that have standardized on Netscape Directory for their web applications."
This was an expensive ordeal... (Score:5, Interesting)
What's ND have that OpenLDAP doesnt? (Score:4, Interesting)
What's the major differences, feature-wise not philosophy-wise (no Free vs free vs Open vs open rants).
From a user perspective (Score:4, Interesting)
How can using ND make my life, as a user/administrator/purveyor of exotic animals, easier?
I think that is a useful question to ask any time a "new" feature is presented.
Re:What's ND have that OpenLDAP doesnt? (Score:5, Interesting)
single-authentication, user-identity management and multimaster replication. Also, centralized phone book, employee locator and org-chart tool.
I would also suggest that the speed complaints that people have with OpenLDAP wouldn't be there.
Re:What's ND have that OpenLDAP doesnt? (Score:5, Interesting)
Netscape Directory is sooooooo but soooo easy to install, manage (with a little gui if you want), replicate. It's really important in a big environment with thousands of users and hundreds of servers that really on ldap servers! I would never do that with OpenLDAP!
Comparison (Score:5, Interesting)
Re:Comparison (Score:5, Interesting)
Anything else, to me, is a weak imitation--but I guess as long as your directory speaks LDAP all is well. Unless it's Active Directory--which is really just a set of "nested" domains with automated trust relationships. And that part makes it a huge pain in the ass to maintain. (The trick to this is to throw an AD domain into eDirectory and have eDirectory manage the whole thing - it is so flexible it can manage _other directories._)
NDS has always "just worked" - move, rename & merge tasks are super-easy. How does ND handle all of this?
Re:What's ND have that OpenLDAP doesnt? (Score:5, Interesting)
Now, that isn't necessarily a bad thing in and of itself, but when you're trying to bootstrap a real, useful corporate directory service from scratch, it's a hell of a learning curve.
Netscape/SunONE Directory Server was less hacker-friendly, but it would take you from zero to a functioning directory in about 30 minutes, not including hiring a temp to type in all of the corporate info.
It had its quirks, and I worry about the codebase being a bit... rotted these days. But I'm happy to see it hitting OSS-land. A little competition for OpenLDAP can only improve matters.
Re:Comparison (Score:4, Interesting)
This has huge potential (Score:5, Interesting)
Red Hat releasing it under the GPL is a good thing, any way that you look at it. Cool product, "big name company" supporting it, and oodles of applications that can already use many of its functions.
Now, if someone would slurp up Netscape Calendaring Server and release *that* under the GPL..
If the Netscape SuiteSpot Server suite still existed and was under the GPL, there's your Exchange-killer right there.
Re:Comparison (Score:1, Interesting)
Now if only it had Hula's calendaring and email (Score:5, Interesting)
A killer kombination for Open Source.
OpenLDAP is not hard to configure. (Score:2, Interesting)
Sun Directory Server vs. Netscape Directory Server (Score:3, Interesting)
LDAP is lightweight (Score:4, Interesting)
The problem with LDAP is that adding the 'L' (lightweight) to the 'DAP' (directory access protocol) removed many features including, most noticably, proper distribution of data over multiple servers and proper chaining of requests.
Proper distribution and request chaining protools would allow Linux systems and MS systems to share a perceived common user data store. At the moment, hybrid enterprises are forced to support multiple islands of trust in the organization. It also sets the operational limits of the system to an enterprise/employee rather than a global/customer scale solution.
Still, it's a good thing that Red Hat is implementing a directory based identity management solution. It's a step in the right direction.
Re:LDAP is lightweight (Score:3, Interesting)
As to directory based ID management, Linux (including Redhat) has had it for eons. You have always had your choice of using kerberos or LDAP or NIS or whatever you like. In fact, I have done some set-ups ~4 years ago where we used LDAP for the ID. It Worked fine.
Re:What's ND have that OpenLDAP doesnt? (Score:2, Interesting)
We used SUN/One for SprintPCS and....... it sucked (Score:5, Interesting)
However... in the -production- environment, with 10's of millions of ldap objects connected to SprintPCS's provisioning systems which were making 1,000+ ldap writes --a minute-- the SunOne system absolutely blew chunks.
LDAP architects will ask what the hell we were doing with the entire database in one ldap instance rather than partition the dataset, and they'd be right, but we were acting under Sun's direction since at the time we had one of (if not) the largest LDAPs in the world.
LDAP architects would also wonder why on earth you would ask an ldap server to live under such a write intensive churn, and they'd be right again.
That being said...
-- Multimaster replication would never ever work. Most of the time the entire SprintPCS userbase was hanging off one master and less than 4 replication slaves. For several months the entire messaging system was wedged into a single point of failure nightmare. (to be fair, this wasn't all slapd's fault and had 1/2 of the root cause in Sprint Datacenter practices which produced predictable results [internetnews.com])
-- Other posters asked for SunOne Calendar server to be opensourced. My first response is to suggest you have your head examined since that thing would die for absolutely no reason on a regular basis. We actually automated the process of detecting its death and restoring from last night's backup. If you were a SprintPCS customer and your calendar ever seemed screwy now you know why. Of course further reflection suggested opensourcing it is probably the only thing that could help at this point because...
-- We used to get hotfix builds from Sun which were missing entire sections of the binaries. Whoever was managing the code would forget to use the same compilation flags for hotfixes as original code so we would receive webmail frontend builds which couldn't talk to imap backends, or calendar backends which wouldn't accept connections from calendar front ends.
-- SOL if you wanted to run more than 4G of memory in slapd.
Dont consider this post a rant, just let any CIO's/etc. reading this know that this opensource release will probably work great for you if you dont load it heavily (unlike exchange 5x, which would grenade just sitting there)
On the other hand, if you want to push the performance envelope, pretty much expect it to take alot of time and cause a bunch of headaches -in production-. Get help from people who have pushed the performance of the tools you are considering running.
Weird mood tonight.
Re:Netscape Directory **IS** OpenLDAP (Score:4, Interesting)
See for yourself:
http://www.stanford.edu/services/directory/openld
OpenLDAP 2.0 is slow, snail's pace, frozen molasses slow. That's the release that RedHat has bundled for years, up to RH9 and even beyond. It's only in the past few months that anything from them (Fedora Core) has shipped anything newer.
OpenLDAP 2.1 is over Two Hundred Times faster than OpenLDAP 2.0 and already significantly faster than Netscape 5. OpenLDAP 2.2 is 30-50% faster than OpenLDAP 2.1 and leaves Netscape in the dust. OpenLDAP 2.3 is faster yet.
Re:What's ND have that OpenLDAP doesnt? (Score:4, Interesting)
re: plugin interface - OpenLDAP supports both the (incredibly inefficient) Netscape plugin interface and its own (incredibly fast) plugin architecture.
re: logging - "useful" is a subjective term. Since you don't explain what this means, it's difficult to comment further on it.
re: SNMP reporting - you're right, this is lacking in OpenLDAP, and for IT purchasers going down the checklist of "must haves" this can be a problem. The NetSNMP package is an easy solution here, especially with all of the information provided by OpenLDAP's cn=monitor. I know of several commercial OpenLDAP deployments where this was an issue at first, but integrating NetSNMP allowed the OpenLDAP deployment to proceed.
re: cn=config - This is implemented in OpenLDAP 2.3. And it doesn't require a server restart to make new plugin settings and other changes take effect, unlike Netscape/SunOne.
re: backups via LDAP-initiated commands - this topic actually came up on the openldap-devel mailing list recently. The conclusion was that it was a band-aid Netscape needed for their lame replication mechanism.
re: fast as hell - OpenLDAP 2.1 beats Netscape into the dirt. OpenLDAP 2.2 is even faster, and scales to large numbers of clients even better. If you still believe Netscape is faster than OpenLDAP, you haven't used a recent release of OpenLDAP.
Re:This was an expensive ordeal... (Score:3, Interesting)
(Leaving aside the obvious question of using SunOne for anything at all...)
Re:BFD...the IBM LDAP Server has *always* been fre (Score:2, Interesting)
I didn't download it though, so I don't know what the exact terms of use are.
The fact that there is a "Buy Now" would suggest that the eval copy is for testing but not production. Just a guess though.
Re:I'm sure OpenLDAP 17 will be faster still (Score:3, Interesting)
We used Netscape's Directory Server. There were hundreds of apps pointing at it, and the main Internet proxy server used it as the authentication service.
Over a million objects, hundreds of thousands of searches per day. It might crash once or twice per year, and never corrupted anything.
The management GUI sucked, but it was an outstanding product in all other respects.
DG