
Red Hat Opens Netscape Directory

samzenpus posted more than 9 years ago | from the it's-good-to-share dept.

Red Hat Software 229

suezz writes "eWeek is running a story that Red Hat is releasing Netscape Directory (LDAP) under the GPL - this is huge, at least from my point of view. I know of at least two huge companies that have standardized on Netscape Directory for their web applications."


229 comments


fpee (0, Offtopic)

Ads are broken (718513) | more than 9 years ago | (#12641495)

To confirm you're not a script,
please type the text shown in this image:

Re:fpee (0, Offtopic)

SCO$1499FeeTroll (720726) | more than 9 years ago | (#12642165)

To confirm you've paid your $699 licensing fee, please smoke a cock and follow it up with some teabagging.

This was an expensive ordeal... (5, Interesting)

coop0030 (263345) | more than 9 years ago | (#12641496)

Red Hat paid $20.5 million for this LDAP. Will they get that in return? Is it possible with this type of software?

Re:This was an expensive ordeal... (4, Informative)

coop0030 (263345) | more than 9 years ago | (#12641563)

I forgot to mention this in my first post...but if enough customers purchase this by April 30th, Red Hat will have to pay an additional $2.5 million.

Goodness, that is a lot of money.

This was an expensive ordeal...MS Flashback. (0)

Anonymous Coward | more than 9 years ago | (#12641642)

"Goodness, that is a lot of money."

Remember this next time someone compares Redhat to Microsoft.

Re:This was an expensive ordeal... (4, Insightful)

Anonymous Coward | more than 9 years ago | (#12641644)

$20M is not a lot of money in Silicon Valley, especially for an enterprise product. Probably nothing compared to Netscape/iPlanet's development costs.

Plus, after years of hot air, Red Hat just became a credible Windows alternative for internal applications. Cheap.

Re:This was an expensive ordeal... (5, Insightful)

LnxAddct (679316) | more than 9 years ago | (#12641680)

In the short term, no, they won't make this money back right away, but in the long term they'll make it back a thousand fold. Anyone who has ever tried to set up and configure OpenLDAP knows that it's not worth it and will send you to a mental hospital fairly quickly. Netscape Directory (or whatever they're calling it now) is not only extremely easy to configure, but it was designed by brilliant engineers. Back a few years ago the engineers were claiming that one typical server running Netscape Directory could handle 200,000 clients. I haven't looked at the code yet, but according to some Red Hat engineers that I've talked to that have seen it, they confirm that this is probably possible and were generally extremely impressed with the code quality. Netscape Directory is high quality from its core all the way out to its exterior with easy configuration; how often do you see that in any environment (commercial or open)?

I know that a few of the Fedora devs commented on how they also got a whole bunch of additional code that they hadn't even asked for but came along with Netscape Directory that they are still trying to figure out what to do with. In a worst case scenario, they'll just open source it and let the community find uses for it (Red Hat open sources everything they do, they even allow any open source projects free use of any patents they may hold, patents btw are only held as legal defense). This is a great advancement for the community and should allow many more businesses to start migrating to Linux. Back to my original point though... this will allow many more companies to switch to Linux, whether it be Red Hat or some other distro it doesn't matter. Overall it will increase Linux's marketshare and as a result make Linux more popular, leading more businesses to look at it as an alternative. A good percentage of those businesses will probably become Red Hat customers so everyone wins.
Regards,
Steve

Re:This was an expensive ordeal... (5, Informative)

NixLuver (693391) | more than 9 years ago | (#12641729)

Actually, I'm aware of an installation where a single (fairly robust) sun box is running at 200GB db size and 32 million LDAP entries on SunOne (descendant of the Netscape code). It sucks, but it works. Let's be honest - even the NS directory server is a nightmare to set up beyond the most rudimentary schema. Easier than OpenLDAP, true, but *easy*?

Re:This was an expensive ordeal... (2, Insightful)

kjs3 (601225) | more than 9 years ago | (#12641813)

I'm familiar with a SunOne install with somewhat more than 32 million users on a Sun cluster about to go into production for a major cellular provider (in pilot for something short of a year). My impression is that your comments are spot on correct.

Re:This was an expensive ordeal... (3, Insightful)

KarmaMB84 (743001) | more than 9 years ago | (#12642015)

Configuring anything for serving 32 million users on a cluster isn't going to be pretty ;)

Re:This was an expensive ordeal... (1)

M1FCJ (586251) | more than 9 years ago | (#12642486)

Some time ago I installed a Netscape LDAP 4 family server with about a million users, if they are still using it, it must have had even more by this time. It works folks, it works.

It wasn't that hard to set up either. (That config had a rather simplistic hierarchy).

OpenLDAP is not hard to configure. (1, Interesting)

Some Random Username (873177) | more than 9 years ago | (#12641824)

My first ever experience with LDAP was with openldap, and it took 10 minutes to configure, and then maybe an hour to work out how I wanted my schema, and write an ldif of it to import. Unless it used to be significantly different than it is now, I can't see any way anyone could think it's hard to configure.

Re:This was an expensive ordeal... (0)

Anonymous Coward | more than 9 years ago | (#12641868)

I used to run Netscape Directory on Linux and had to migrate to OpenLDAP due to licensing issues at the time. Netscape was a nightmare to manage and OpenLDAP was such a breeze to install and manage.

Re:This was an expensive ordeal... (1)

C0vardeAn0nim0 (232451) | more than 9 years ago | (#12642234)

not only extremely easy to configure

"LDAP" and "easy" are oxymorons.

NS directory may be easier to configure when compared to OpenLDAP, but I bet BOTH are maddening when you go past the basic setup. LDAP is a sure path to the looney bin. I know. That's why I don't work with it anymore.

Re:This was an expensive ordeal... (2, Informative)

ehvoy (696364) | more than 9 years ago | (#12641734)

An active directory-killer is something Linux has needed--that is, one that is easy to set up, and has that MS-like integration. I wonder if they'll include integration with BIND/. Looks like Red Hat is going head-to-head with Microsoft to control the corporate LANscape.

Now the CIO knows he/she can buy Red Hat "Professional" :) and Red Hat "Server 200x" and set up a "Domain" with it.

Re:This was an expensive ordeal... (2, Informative)

askegg (599634) | more than 9 years ago | (#12641772)

Novell eDirectory has been available on Linux for some time and has features Netscape, OpenLDAP, Active Directory and Sun One lack.

Now that Novell owns SuSE I expect eDirectory to be the number one Linux LDAP compliant directory available.

Re:This was an expensive ordeal... (1)

msp0 (551914) | more than 9 years ago | (#12642065)

And Sun's Directory Server has features that Novell's doesn't. It runs on Linux. So what's your point? As far as technology goes, there are always swings and roundabouts with different vendors. Price, performance, stability, features, support ... these are always up and down. I've heard plenty of things about eDirectory that make me shudder. Accept that you have made a choice you like and others have chosen differently. And that there is no "number one", except in your own mind, for your own situation. Or put your Novell employee ID in your .sig :-P

Re:This was an expensive ordeal... (0)

Anonymous Coward | more than 9 years ago | (#12642244)

Here's what's going on:
+ Microsoft ships with ActiveDirectory
+ Solaris ships with SunOne Directory
+ SuSE Linux ships with (or will) Novell eDirectory
+ RedHat will ship with Netscape/RH Directory

So, "number one" for most people is probably going to depend highly on their choice of operating system. Obviously as the market-leading Linux, RedHat Directory will see a lot of installs out of inertia.

Re:This was an expensive ordeal... (1)

Nailer (69468) | more than 9 years ago | (#12642296)

Red Hat paid $20.5 million for this LDAP.

Actually, Red Hat paid 20.5 million for this implementation of LDAP. It's actually the same protocol as everyone else.

What's ND have that OpenLDAP doesnt? (4, Interesting)

stratjakt (596332) | more than 9 years ago | (#12641503)

I think this is a good thing, I'm just honestly curious, having messed around with OpenLDAP, and never really doing much with ND.

What are the major differences, feature-wise, not philosophy-wise (no Free vs free vs Open vs open rants)?

Re:What's ND have that OpenLDAP doesnt? (5, Interesting)

bernywork (57298) | more than 9 years ago | (#12641532)

From TFA:

single-authentication, user-identity management and multimaster replication. Also, centralized phone book, employee locator and org-chart tool.

I would also suggest that the speed complaints that people have with OpenLDAP wouldn't be there.

Re:What's ND have that OpenLDAP doesnt? (1)

stratjakt (596332) | more than 9 years ago | (#12641698)

You can do all that stuff in OpenLDAP, and I wasn't really aware of any speed complaints. I guess it's about as fast as the backend you use (mysql/bdb/etc)

Re:What's ND have that OpenLDAP doesnt? (4, Informative)

LnxAddct (679316) | more than 9 years ago | (#12641739)

Netscape Directory is very very fast and very very easy to install and configure. After using OpenLDAP, I'm sure everyone can agree that it is not worth your sanity just to configure a program :) Netscape Directory makes this all easy, it integrates well and is highly efficient. As I said in another post, the Netscape engineers who coded this (very bright guys) claim that one mid to high end server running Netscape Directory can handle 200,000 clients. This is a huge gain for Linux in enterprise.
Regards,
Steve

Re:What's ND have that OpenLDAP doesnt? (1)

tweek (18111) | more than 9 years ago | (#12641932)

The only reason Netscape is faster is because they cache the whole fucking btree in memory and operate on that. I'm not sure how often it flushes to disk though.

Re:What's ND have that OpenLDAP doesnt? (0)

Anonymous Coward | more than 9 years ago | (#12642034)

And that's a problem how?

Re:What's ND have that OpenLDAP doesnt? (0)

Anonymous Coward | more than 9 years ago | (#12642409)

Actually, my experience of NDS was that OpenLDAP vastly outperforms NDS, and is a million times more stable. I've run Stanford's Directory service for over 5 years, part of that time on NDS, part of it on OpenLDAP, and I can't see any scenario that would make me switch back to NDS. It is a horribly broken piece of software that would be better off being put out of its misery.

See:
http://www.stanford.edu/services/directory/openldap/history/index.html

Re:What's ND have that OpenLDAP doesnt? (5, Interesting)

{X-Frog} (122801) | more than 9 years ago | (#12641545)

I didn't really use both a lot, but I tried to set up an OpenLDAP server with some modification to the default templates, it was a fucking HELL to make it work!

Netscape Directory is sooooooo but soooo easy to install, manage (with a little gui if you want), replicate. It's really important in a big environment with thousands of users and hundreds of servers that rely on LDAP servers! I would never do that with OpenLDAP!

Re:What's ND have that OpenLDAP doesnt? (4, Informative)

Panoramix (31263) | more than 9 years ago | (#12641938)

Fwiw, I did install a Netscape Directory Server on a HP-UX 11 machine, not that long ago. It was reasonably straightforward, except in that I had to install a number of OS patches and muck around with kernel parameters.

(Btw, what is it with these big proprietary apps that always want to change your kernel parameters? What on earth does Oracle need 2GB of shared memory for? And 64K file descriptors per process? That's beyond ridiculous. That sounds dangerously like extremely sloppy programming inside the product.)

But I digress. My point is that installing and configuring NDS is not hard, but nothing like "soo but soo easy" either (e.g., a far, far cry from "apt-get install slapd").

Enabling SSL is a PITA if you don't have the Netscape Certificate Server (which I didn't). It involves all manner of funky maneuvering with OpenSSL and some tools that you have to fetch from some obscure page at mozilla.org.

Management is more or less the same as with OpenLDAP, which is to say that it mostly depends on how good or bad your LDAP client tools are. In fairness, I hear the Netscape client is nice. I couldn't use it because the damn thing runs on Windows and I was not about to install that on my laptop just to see a stupid LDAP client.

Replication is probably better than OpenLDAP, though I haven't yet had a chance to try it on either one.

As for big environments with many users and clients, until today I would have gone with OpenLDAP (or, if a PHB just had to see a lot of money spent in this, with Novell or Microsoft's directories). That's because nobody had source code to NDS and it was all but discontinued from the vendor. You don't want to find yourself in a position where you know there's a bug in the software, but you can't fix it and your vendor won't because they discontinued the product (and are pretty much out of business themselves, anyway).

Anyway. This is good news, certainly. Though I mostly hope there are parts and components that can be salvaged into slapd.

Re:What's ND have that OpenLDAP doesnt? (2, Interesting)

ocelotbob (173602) | more than 9 years ago | (#12642124)

I'm not an Oracle dev, but I imagine that given Oracle's reputation, they want the server to just work, regardless of load spikes, etc. There could be some unforeseen time when you need 64k files open, like doing a massive modification to your database layout. Oracle just wants to make sure that it can do crazy things like that ahead of time, without having the system crash.

Re:What's ND have that OpenLDAP doesnt? (1)

Nailer (69468) | more than 9 years ago | (#12642323)

But I digress. My point is that installing and configuring NDS is not hard, but nothing like "soo but soo easy" either (e.g., a far, far cry from "apt-get install slapd").

Enabling SSL is a PITA if you don't have the Netscape Certificate Server (which I didn't). It involves all manner of funky maneuvering with OpenSSL and some tools that you have to fetch from some obscure page at mozilla.org.


It sounds like most of your problems were to do with install and configuration. The install will consist of:

up2date redhat-directory

I'd be surprised if the configuration wasn't either a GTK2 app called 'system-config-directory' or a web based tool (to get an idea of the quality of a Red Hat web based config tool, check out Red Hat Network Satellite).

Re:What's ND have that OpenLDAP doesnt? (3, Informative)

Temkin (112574) | more than 9 years ago | (#12641605)



Speed, and certain enterprise features like multi-master replication if I remember correctly. It's been a while since Netscape dropped off everyone's radar, and I know they continued work on it after iPlanet broke up.

You can compare them using SLAMD. www.slamd.com

Re:What's ND have that OpenLDAP doesnt? (5, Interesting)

Doktor Memory (237313) | more than 9 years ago | (#12641681)

OpenLDAP is basically an LDAP toolkit. You've got your LDAP server, client libraries, command-line tools... but that's it. What you build with it is up to you, and you're starting from scratch each time pretty much.

Now, that isn't necessarily a bad thing in and of itself, but when you're trying to bootstrap a real, useful corporate directory service from scratch, it's a hell of a learning curve.

Netscape/SunONE Directory Server was less hacker-friendly, but it would take you from zero to a functioning directory in about 30 minutes, not including hiring a temp to type in all of the corporate info.

It had its quirks, and I worry about the codebase being a bit... rotted these days. But I'm happy to see it hitting OSS-land. A little competition for OpenLDAP can only improve matters.

Proper replication (2, Funny)

Nailer (69468) | more than 9 years ago | (#12641895)

Aside from multi-master replication (OpenLDAP only allows a single master), Netscape directory server solves the 'OpenLDAP being fucking retarded, and holding ACLs to objects in the directory OUTSIDE the directory, therefore replicating objects before their access controls' issue.

Re:What's ND have that OpenLDAP doesnt? (4, Informative)

kauttapiste (633236) | more than 9 years ago | (#12642263)

Well, throwing some features off the top of my head:

* multi-master replication (up to 4 servers)
* very, VERY extensive plugin interface
* useful access logging and log file analysers
* SNMP reporting
* configuration under cn=config branch (updatable over LDAP)
* you can take backups by sending commands over LDAP

And it's fast as hell, compared to OpenLDAP.

Re:What's ND have that OpenLDAP doesnt? (3, Interesting)

hyc (241590) | more than 9 years ago | (#12642715)

re: multi-master - like the SprintPCS guy said a few posts over - prone to failure and database corruption, utterly useless in an enterprise deployment.

re: plugin interface - OpenLDAP supports both the (incredibly inefficient) Netscape plugin interface and its own (incredibly fast) plugin architecture.

re: logging - "useful" is a subjective term. Since you don't explain what this means, it's difficult to comment further on it.

re: SNMP reporting - you're right, this is lacking in OpenLDAP, and for IT purchasers going down the checklist of "must haves" this can be a problem. The NetSNMP package is an easy solution here, especially with all of the information provided by OpenLDAP's cn=monitor. I know of several commercial OpenLDAP deployments where this was an issue at first, but integrating NetSNMP allowed the OpenLDAP deployment to proceed.

re: cn=config - This is implemented in OpenLDAP 2.3. And it doesn't require a server restart to make new plugin settings and other changes take effect, unlike Netscape/SunOne.

re: backups via LDAP-initiated commands - this topic actually came up on the openldap-devel mailing list recently. The conclusion was that it was a band-aid Netscape needed for their lame replication mechanism.

re: fast as hell - OpenLDAP 2.1 beats Netscape into the dirt. OpenLDAP 2.2 is even faster, and scales to large numbers of clients even better. If you still believe Netscape is faster than OpenLDAP, you haven't used a recent release of OpenLDAP.

From a user perspective (4, Interesting)

Dancin_Santa (265275) | more than 9 years ago | (#12641529)

How does this improve my user experience?

How can using ND make my life, as a user/administrator/purveyor of exotic animals, easier?

I think that is a useful question to ask any time a "new" feature is presented.

Re:From a user perspective (4, Insightful)

0racle (667029) | more than 9 years ago | (#12641586)

Ever used the Active directory on Windows? I mean a properly created one in a larger organization. Had to search for an email address of someone in another branch or division? Ever had to log into another machine on that network? Search for printers on another floor?

Well, you can actually do that and more with any LDAP server.

Thanks! Another question (0, Troll)

Dancin_Santa (265275) | more than 9 years ago | (#12641649)

This is probably a stupid, domain-specific question.

I was recently trying to embed my JRun eServer through an SMB pipe to an NNTP share running on a remote VNC server without having to use the required intranet JVM. Would it be possible to attempt to lower my TCO using ND by utilizing the Active Directory installations in one division of the company while retaining administrator rights on the Linux network at the co-loc's Apache web server?

Money isn't a big issue, but keeping costs down is better than paying out the nose, naturally.

Re:Thanks! Another question (0)

Anonymous Coward | more than 9 years ago | (#12641666)

How will this help us liberate copyrighted music and movies? If not, you've got the wrong site.

Re:Thanks! Another question (0)

Anonymous Coward | more than 9 years ago | (#12641670)

BOHICA.

Re:Thanks! Another question (1)

stratjakt (596332) | more than 9 years ago | (#12641717)

That all depends.

Can you provide me with an internet connection that is compatible with my token ring ethernet configuration?

Re:Thanks! Another question (0)

Anonymous Coward | more than 9 years ago | (#12642146)

Answer my question, Mr. "Santa":

Have you stopped FUCKING your children IN THE EAR?

Well... (1)

Craig Ringer (302899) | more than 9 years ago | (#12641781)

You can do distributed authentication, mail routing, etc with LDAP, yes. Building most of the features of AD would involve lots of custom hacking though - for example, to do software auto-installs on log-in.

There's a lot more writing of custom schema and swearing with LDAP than there is with AD, and a LOT less good documentation, but once it works it stays working, unlike AD ;-)

Re:Well... (1)

SparklingClearWit (792141) | more than 9 years ago | (#12641981)

Building most of the features of AD would involve lots of custom hacking though - for example, to do software auto-installs on log-in.

Wrong. Blatant FUD, or pure ignorance.

Look up Group Policy, Intellimirror, and Published Applications under Active Directory. If I say you can have Microsoft Word, you'll get it on *any* domain computer you sit at. If it's not already installed, it will be installed the first time you run it. I can distribute service packs, etc., to different departments or computers using Group Policy. Shit, I can install the entire OS using Remote Installation Services with a PXE-capable computer, if you'd like.

but once it works it stays working, unlike AD ;-)

Again, pure shit. If you plan and deploy it poorly, you'll have a mess. If you do it right, on proper hardware, it will run for years with no problems whatsoever. Delegated authority of OUs, users with specific rights (you can change/reset passwords, but can't add/remove users; YOU can add printers, etc.). The whole Linux crowd crows "RTFM!" unless it's about Microsoft. Jesus, take the time to understand your enemy before just running your mouth.

Re:Well... (2, Insightful)

Craig Ringer (302899) | more than 9 years ago | (#12642058)

Er ... my point was that lots of custom hacking would be required to do with LDAP on *NIX the things that come BUILT IN in AD. I thought it was pretty darn obvious, actually.

My whole point is that you don't get anything even remotely like Group Policy under any *nix LDAP authentication scheme I'm aware of unless you do a lot of custom hacking.

AD is pretty awesome, and I'd really LIKE most of the power it offers on other platforms. As far as I'm concerned that's the biggest thing the Windows platform has going for it. That, and it's documented ;-)

As for AD problems ... what you say is probably true. On the other hand, even quite large organizations often seem to fail to deploy it correctly. A national manufacturing outfit in Australia was brought down for a while because one of their branch offices lost its connection to the WAN, their AD secondary master promoted itself to primary, then the WAN was restored and everything went *splat*. Avoidable? Probably. Need an AD black-magic wizard? Definitely. What's needed is documented somewhere? Without a doubt ... but good luck finding it and understanding it then applying it correctly. The AD admins I've spoken to have all expressed the view that AD is great, but just too damn hard to configure robustly and that it tends to be fragile if not configured exactly right.

I would ask you to, next time, take the time to ACTUALLY READ MY MESSAGE before flaming me out too much, OK? You've been just as bad as the people you're complaining about.

Re:Well... (1)

SparklingClearWit (792141) | more than 9 years ago | (#12642143)

I did go back and re-read it. And I read it backwards, as you say.

I will say it loud here:

I am a tool for flaming Craig Ringer, since I agree with him, but apparently I can't fucking read and comprehend.

That said, on the described situation - yuck. That's definitely weird. You usually have to either transfer (the nice way) or seize (the not-nice way) the FSMO roles, unless you've gone past the 90-day tombstone border; then you're doing a Directory Services Restore mode and some lovely ADSI Edit action. (Bleah)

You're right about some things - you can easily muck shit up, like you say. MS makes it very easy to *install* Active Directory - do a DC Promo, and you're done! Oops, you borked it, and you've got 500+ clients on the domain? Uh oh... time for some UGLY regedits and ADSIEdits.

;0

Thanks for catching me on my stupidity.

Re:Well... (1)

pangloss (25315) | more than 9 years ago | (#12642121)

R E A D I N G, it's fundamental. Try your own dog food: take the time to understand "before just running your mouth".

Re:From a user perspective (1)

ImaLamer (260199) | more than 9 years ago | (#12641676)

Welcome to the world of "Directory Services". They will help you locate resources on the network. As an administrator, enabling or restricting access to resources has now become a lot easier.

Sarcasm aside: It's all about options. Another directory services project/product/option is always a good thing. However, I still want to see Novell return to its former glory. It's a sad day when people are relying on Active Directory, using it as a REAL directory services solution.

But back to the point, it's good to see another option. And it's good to see that RedHat is putting their power behind it.

Re:From a user perspective (1)

Hatta (162192) | more than 9 years ago | (#12641721)

Also, why does this matter since the Mozilla Directory [dmoz.org] is already open?

Re:From a user perspective (1)

caferace (442) | more than 9 years ago | (#12641917)

RTFA. You're comparing apples and orangutans.

Re:From a user perspective (1)

askegg (599634) | more than 9 years ago | (#12641793)

By storing all the items you administer (users, workstations, applications, printers, files, phones, handhelds, etc) you can build a directory that can store and describe the relationships between everything. True policy based management.

Comparison (4, Interesting)

rsax (603351) | more than 9 years ago | (#12641553)

I know this story is going to prompt people wanting to know how the Netscape directory server compares with OpenLDAP. I've never used the Netscape one but what I would really love to know is how does it stack up against Novell eDirectory [novell.com]? eDirectory isn't open source but the licenses are damn cheap, the first 250,000 licenses are free. Any LDAP experts care to share their opinions?

Re:Comparison (2, Informative)

Kartoch (38254) | more than 9 years ago | (#12641628)

To add a bit of complexity to this question, I heard that the guys from Samba are developing their own LDAP because they are not satisfied with OpenLDAP. Does anyone have more information/opinions about it?

Re:Comparison (4, Interesting)

ScytheBlade1 (772156) | more than 9 years ago | (#12641683)

It does indeed [samba.org] look like that they're building their own LDAP server. I'd have to search the mailing lists for reasons as to why, but if it's the same quality as their current products, it won't be a let down.

Re:Comparison (4, Interesting)

deviator (92787) | more than 9 years ago | (#12641664)

I have to say that while I've not worked with ND, Novell eDirectory (formerly NDS) is a technically brilliant tour de force. It's a really amazing package; multimaster replication; multimaster schema changes; extremely efficient over slow links, unbelievably secure (and has some really sophisticated extensible authentication systems), works on every platform under the sun, the APIs & developer tools are extremely mature, scales like crazy and runs super-fast, and like the previous poster said, it's CHEAP.

Anything else, to me, is a weak imitation--but I guess as long as your directory speaks LDAP all is well. Unless it's Active Directory--which is really just a set of "nested" domains with automated trust relationships. And that part makes it a huge pain in the ass to maintain. (The trick to this is to throw an AD domain into eDirectory and have eDirectory manage the whole thing - it is so flexible it can manage _other directories._)

NDS has always "just worked" - move, rename & merge tasks are super-easy. How does ND handle all of this?

Re:Comparison (1, Interesting)

Anonymous Coward | more than 9 years ago | (#12641750)

The earlier question of why Red Hat would do this is answered...The Novell eDirectory is a significant competitor...It's unlikely that Red Hat would want it to become the de facto LDAP.

Re:Comparison (1)

wild_berry (448019) | more than 9 years ago | (#12642688)

Where Novell sell complete, supported solutions making use of eDirectory, SuSE et al, Red Hat can now supply a GPL-compliant solution of their own. This may help Red Hat make money in the cases where the use of White Box and other GPL-clones of RHEL provide an entry to Red Hat support contracts.

Re:Comparison (0)

Anonymous Coward | more than 9 years ago | (#12642387)

This http://www.novell.com/products/edirectory/pricing.html [novell.com] says that the price is $2.00 per monkey.

Where are my 250,000 free licenses?!

Don't use sun one directory server (-1, Offtopic)

Anonymous Coward | more than 9 years ago | (#12641619)

All I know is don't use sun one directory server, it doesn't implement Simple Paged Results (RFC 2696). If you want the first 10 results out of for instance 20,000, you're gonna have to wait until you get all 20,000 results. You can try to use Virtual List View but you need to sort the result set first which makes it pretty much pointless for performance.

Netscape Directory ... (0, Offtopic)

kabz (770151) | more than 9 years ago | (#12641658)

Is this some kind of BitTorrent search engine ?

ODP [dmoz.org]? (1, Redundant)

tepples (727027) | more than 9 years ago | (#12641675)

I thought it was Open Directory Project. [dmoz.org]

so? (-1, Offtopic)

Anonymous Coward | more than 9 years ago | (#12641677)

why should i care?

This has huge potential (4, Interesting)

EvilStein (414640) | more than 9 years ago | (#12641705)

I've used OpenLDAP and Netscape Directory Server. NDS is a *very very very* cool product. It's easy to use, scales like there's no tomorrow (it was the backend for a lot of the older Netscape Netcenter sign on functions) and it's nice & documented. (I still have books for it)

Red Hat releasing it under the GPL is a good thing, any way that you look at it. Cool product, "big name company" supporting it, and oodles of applications that can already use many of its functions.

Now, if someone would slurp up Netscape Calendaring Server and release *that* under the GPL..
If the Netscape SuiteSpot Server suite still existed and was under the GPL, there's your Exchange-killer right there.

This has huge 'killer' potential (0)

Anonymous Coward | more than 9 years ago | (#12641804)

"Now, if someone would slurp up Netscape Calendaring Server and release *that* under the GPL..
If the Netscape SuiteSpot Server suite still existed and was under the GPL, there's your Exchange-killer right there."

If it wasn't an "exchange-killer" before? What makes you think open-sourcing it is going to change that?

Re:This has huge 'killer' potential (1)

EvilStein (414640) | more than 9 years ago | (#12641874)

It *was* an Exchange killer before. The SuiteSpot server stuff predates modern Microsoft Exchange. Back in those days, Exchange was only around 5.x and lacked a *lot* of features. Exchange Server 2003 has matured and added POP/IMAP and many other features that the SuiteSpot server packages had way back when.

Things are a lot different than they were back then... even 5 years ago.

Re:This has huge 'killer' potential (1, Insightful)

Anonymous Coward | more than 9 years ago | (#12642012)

Exchange "killer" is a bit of an overstatement -- featurewise they were about the same -- in fact relying on IMAP can be considered a downside in a corporate environment.

The big downside to the product is that you had to use Netscape 4 client, and the calendaring was kinda clunky. That killed when my company did a comparison with Exchange.

Re:This has huge potential (0)

Anonymous Coward | more than 9 years ago | (#12641980)

Netscape Calendar Server has already been slurped up. It's now called Oracle Corporate Time.

Re: Calendar server too? (1)

catellie (725466) | more than 9 years ago | (#12642274)

Someone DID slurp up Netscape Calendaring Server in a manner of speaking: It was just a rebrand of what was then called CSTime, which after a few name/owner iterations is now owned by Oracle and part of their collaboration suite. I agree, it DOES really rock.

Re: Calendar server too? (1)

EvilStein (414640) | more than 9 years ago | (#12642337)

Kind of. From what I heard, the codebase is a little different..

Steltor (CorporateTime) became Oracle Calendar. That's also a cool product. :)

Also in the calendaring realm is MeetingMaker. :)

Re: Calendar server too? (1)

catellie (725466) | more than 9 years ago | (#12642367)

Emphasis on little - the clients appear to work fine with each other, so I'd say the difference is primarily in the branding. The old NS (4.x) browser integrated client is the only significant part I cannot find these days (hardly surprising).

Now if only it had Hula's calendaring and email (5, Interesting)

gnatware (138810) | more than 9 years ago | (#12641756)

Can RH possibly integrate the http://hula-project.org/ [hula-project.org] into this roll out? I would really like to have THE non-M$ directory/email/calendaring system running for my school district: single sign-on and email accounts for teachers, staff, students, parents... with Mac OS X Server directory delegation, Kerberos, etc.

A killer kombination for Open Source.

Re:Now if only it had Hula's calendaring and email (1, Insightful)

Anonymous Coward | more than 9 years ago | (#12641819)

Almost, but OS X is not open source, and Apple's policy of promoting software patents in Europe forces me to avoid their software at all costs.

Re:Now if only it had Hula's calendaring and email (1)

Moulinneuf (844899) | more than 9 years ago | (#12641958)

OS X is not Open Source "yet", I have been saying for years that we should take them out before they become a nuisance. Was made into a wacko for that comment.

Guess what : Apple Mac OS X is actually replacing GNU/Linux in some area now :

http://www.macworld.com/news/2005/05/24/maclinux/index.php?lsrc=mwrss [macworld.com]

Re:Now if only it had Hula's calendaring and email (1, Informative)

Anonymous Coward | more than 9 years ago | (#12642701)

Hula project is funded by Novell. http://hula-project.org/General_FAQ#Relationship_with_Novell [hula-project.org] Don't think that Novell will ever support Netscape Directory when they have a better (eDirectory) alternative. Integration with Openldap might be a possibility. Netscape...doubtful

Netscape Directory **IS** OpenLDAP (1)

ramam (882415) | more than 9 years ago | (#12641767)

Aren't both of these largely Tim Howes' work from UMich?

Re:Netscape Directory **IS** OpenLDAP (3, Interesting)

hyc (241590) | more than 9 years ago | (#12642678)

Not since 1999-2000. The overall shape is still similar but the internal details have all been reimplemented by the OpenLDAP Project. Today OpenLDAP is miles ahead of Netscape in terms of performance, scalability, and stability.

See for yourself:

http://www.stanford.edu/services/directory/openldap/history/index.html [stanford.edu]

OpenLDAP 2.0 is slow, snail's pace, frozen molasses slow. That's the release that RedHat has bundled for years, up to RH9 and even beyond. It's only in the past few months that anything from them (Fedora Core) has shipped anything newer.

OpenLDAP 2.1 is over Two Hundred Times faster than OpenLDAP 2.0 and already significantly faster than Netscape 5. OpenLDAP 2.2 is 30-50% faster than OpenLDAP 2.1 and leaves Netscape in the dust. OpenLDAP 2.3 is faster yet.

I'm sure OpenLDAP 17 will be faster still (1)

Gopal.V (532678) | more than 9 years ago | (#12642754)

Not intending to troll, the factor for most enterprise consumers are in this order -
  • stability
  • scalability
  • security
  • single box performance
I'd really want to wait until someone says OpenLDAP 2.1 is secure and stable before I push it onto a box.

Is this an answer to Palladium? (0)

Anonymous Coward | more than 9 years ago | (#12641771)

Does the user authentication they talk about in tfa do the important parts of what Palladium was supposed to do? Everyone was VERY upset about Palladium and rightly so. It would have removed our control of our own computers.

It sounds to me as if this would make Palladium unnecessary. Or, as often happens, have I missed something?

Enterprise Solutions (3, Insightful)

kjs3 (601225) | more than 9 years ago | (#12641779)

This isn't particularly big news for the SMB market, but for the enterprise market, this is a huge open source win. Quality, scalable, enterprise capable LDAP solutions are a hot topic in all of the Fortune 500 sized companies that I deal with, and ND has a track record of being able to play ball there.

Now if they would only open source Netscape calendaring...

Re:Enterprise Solutions (2, Informative)

lactose99 (71132) | more than 9 years ago | (#12641952)

Now if they would only open source Netscape calendaring...

Did RedHat get rights to Netscape Calendar? I thought that was all sold to Steltor as Steltor CorporateTime [steltor.com] before it all got gobbled-up by Oracle and became Oracle Collaboration Suite's Oracle Calendar [oracle.com] . The only reason I know this is because my company was a legacy Steltor CorporateTime customer and we recently completed an upgrade to Oracle Calendar as support was about to expire on the Steltor product.

If Netscape Calendar was open-sourced, perhaps I could better understand the proprietary database backend used with it.

Sun Directory Server vs. Netscape Directory Server (2, Interesting)

mrbill (4993) | more than 9 years ago | (#12641886)

Isn't Sun's Directory Server [sun.com] based off this as well? I thought they'd acquired all the old Netscape stuff back in the Netscape/iPlanet days.

Where are they now? (2, Informative)

fce2 (819446) | more than 9 years ago | (#12641889)

Where are the other bits of software that once was Netscape Suitespot?

Netscape Calendar was not actually developed by Netscape, but was a version of CS&T's CorporateTime system. CS&T later renamed to Steltor, and is now part of Oracle, CorporateTime forming a large part of their collaboration suite.

Both Netscape and Sun got copies of everything when iPlanet split. Sun still develops and sells them, first as Sun ONE, now as Java Enterprise System. Netscape tried to keep development going for a while, but it kind of stagnated (much in the same way that the Netscape browser stopped moving after the AOL acquisition).

Redhat also got Certificate Server and Enterprise Server (the web server) as part of their deal, see http://www.redhat.com/software/rha/netscape/ [redhat.com] for more.

So where is the other Netscape software? I'm mostly talking about Messaging Server, which is an awesome piece of software, and Collabra Server, which .. isn't. Presumably they're still kicking around in a CVS in the depths of AOL somewhere. Anybody else know anything?

LDAP is lightweight (4, Interesting)

Sufood (861621) | more than 9 years ago | (#12641950)

It's all very well and good to have a lightweight directory system as part of your operating system. However, if Red Hat wants its identity management system to be more than a lightweight, it should consider asking Netscape to implement more features of the X.500 Directory standard.

The problem with LDAP is that adding the 'L' (lightweight) to the 'DAP' (directory access protocol) removed many features including, most noticeably, proper distribution of data over multiple servers and proper chaining of requests.

Proper distribution and request chaining protocols would allow Linux systems and MS systems to share a perceived common user data store. At the moment, hybrid enterprises are forced to support multiple islands of trust in the organization. It also sets the operational limits of the system to an enterprise/employee rather than a global/customer scale solution.

Still, it's a good thing that Red Hat is implementing a directory based identity management solution. It's a step in the right direction.

Re:LDAP is lightweight (2, Interesting)

WindBourne (631190) | more than 9 years ago | (#12641987)

LDAP has been able to do distribution over multiple servers for some time. The L in LDAP modifies the protocol, not the server software.

As to directory based ID management, Linux (including Redhat) has had it for eons. You have always had your choice of using kerberos or LDAP or NIS or whatever you like. In fact, I have done some set-ups ~4 years ago where we used LDAP for the ID. It worked fine.

Re:LDAP is lightweight (0)

Anonymous Coward | more than 9 years ago | (#12642071)

It's all very well and good to have a lightweight directory system as part of your operating system. However, if Red Hat wants its identity management system to be more than a lightweight, it should consider asking Netscape to implement more features of the X.500 Directory standard.

Of course they should, given the widespread industry adoption of X.500. They should also probably convert over all of the networking to X.25.

Re:LDAP is lightweight (0)

Anonymous Coward | more than 9 years ago | (#12642258)

The funny thing is that if you look at an MS Exchange 5.5 installation, it does come with X.500, X.400, X.25 and other useless OSI support.

Re:LDAP is lightweight (1)

Nailer (69468) | more than 9 years ago | (#12642637)

The problem with LDAP is that adding the 'L' (lightweight) to the 'DAP' (directory access protocol) removed many features including, most noticeably, proper distribution of data over multiple servers and proper chaining of requests.

The reason the university of Michigan created a standalone LDAP server was because 96 or 98% of their requests (I can't remember what the number was exactly) were coming through their LDAP to DAP gateway.

LDAP removed many features including, most noticeably, proper distribution of data over multiple servers...It also sets the operational limits of the system to an enterprise/employee rather than a global/customer scale solution.

How is LDAP directory partitioning improper? Subsections of the directory can live on localized sites. Does what I want. Works enough to fit, say, France inside an LDAP dir (France, by the way, is larger than a single enterprise - it's a country, in Europe - sorry, but there's lots of Americans on this web site). What am I missing?

Proper distribution and request chaining protocols would allow Linux systems and MS systems to share a perceived common user data store

Like what I can do now with pam_ldap authenticating against AD, making it a common store for Linux and Windows (even though pam_krb5 is a better way of doing things)?

Or what I can do with PGINA on Windows, or the Novell GINA, against any directory server / NDS?

I don't dispute that DAP may do things that LDAP can't. But you haven't defined what you mean by 'proper distribution of data', you're just saying LDAP doesn't do something the way you want. Linux and Windows and OS X and Solaris can share LDAP servers. There are massive global LDAP directories that work very well. More detail, please.

Re:LDAP is lightweight (1)

Nailer (69468) | more than 9 years ago | (#12642663)

Also, DAP uses the OSI protocols, including ASN.1. Are you sure that's what you want?

Re:LDAP is lightweight (1)

hyc (241590) | more than 9 years ago | (#12642725)

LDAP uses ASN.1 as well, as it must. And while DAP was defined in the context of OSI protocols, it is not inseparably tied to them. Many companies have released good DAP over TCP implementations.

Re:LDAP is lightweight (1)

hyc (241590) | more than 9 years ago | (#12642750)

The previous poster is right on. Data distribution in LDAP is a hack, accomplished using the poorly specified concept of "referrals" that was added as an afterthought to LDAPv2 and is still underspecified today in LDAPv3.

By throwing out all of the design intelligence that went into the X.500 DSP protocol, defining how server-to-server communication works, the LDAP folks have set themselves back another decade and are still struggling to define the controls and extensions to provide the distribution features that are needed (and were already provided, in real X.500).

All the LDAP servers that implement chaining for management of data distribution have to use proprietary techniques because the LDAP standard is so weak it doesn't provide any meaningful guidance here.

What do you know, it ain't dead yet... (2, Informative)

sillypixie (696077) | more than 9 years ago | (#12642054)

I feel happy about this.

I feel that this may be karmic retribution for Sun railroading us into having to use ^$@#%$&ing pkgadd, instead of those lovely tarball installs of yore, where it all installed into a single directory that I could tar up, or simply blow away if it screwed up... ah, the days of control...

But then, in the short term, the only way that I can see Netscape Directory Server making it into the enterprises that I deal with daily is if it comes bundled or as a dependency for some very well-trusted and established open source app, like maybe a CMS or something such as Bugzilla, or SVN. As an "Enterprise Directory" (ooh aah) it will be a long time before this version could compete, if ever -- everybody wants a stack, these days.

Still, it could be interesting leverage for the big Sun clients who are actually paying for the SJS Directory Server. I think this is the final stage of the commoditization of the animal that is a directory server... damn, I owe a certain Burton Group analyst a beer now...

(-:

Pixie

Open LDAP (1)

a3217055 (768293) | more than 9 years ago | (#12642089)

Open LDAP was hard for me to set up; I finally joined forces with an old sysadmin. Even with her old ways she finally managed to convert NIS over to LDAP and promote it to Linux, Windows, Mac OSX and SGI. About the time she got the SGIs working, I said, "So long Alice.." and ran westward on the continental US. LDAP was a nightmare; it was really nightmarish for the ADD young sys admins. I know a company that I was looking into was using a version of LDAP for the whole company's email, security to log into computers, smb mounted drives. LDAP is good if you know how to set it up but it must have an age filter. But I never have used Netscape Directory but I have heard about it from my NYC buds who say it kicks ass and you get big booty with it. :)

Weird /. error (0, Offtopic)

Anonymous Coward | more than 9 years ago | (#12642122)

From the /. right side nav/ad bar:

Apache
· Your Headline Reader Has Been Banned
· You May Only Load Headlines Every 30 Minutes
· In 72 Hours, Your Ban Will Be Lifted
· Do Not Bother Contacting Us For 72 Hours

WTF? They have been banned from their own RSS feed?

Yeah (0)

Anonymous Coward | more than 9 years ago | (#12642145)

eeee

this i5 goatsex (-1, Redundant)

Anonymous Coward | more than 9 years ago | (#12642150)

Software WANTS to be free (0)

Anonymous Coward | more than 9 years ago | (#12642176)

Redhat just lets it

"this is huge at least from my point of view" (0)

Anonymous Coward | more than 9 years ago | (#12642198)

Well, back off RedHat's knob a bit and it won't engulf your vision.

Even Tommy Lee is an ant when viewed from space.

how much this will cost M$, and Novell (1)

kokoko1 (833247) | more than 9 years ago | (#12642262)

I know how hard it is to configure openldap; I'm just excited after reading nice comments from people who have used ND. Redhat really has a better heart than M$ and other "greedy" parties over there. I just want to know: will GPLed ND cost M$ (AD) and other concerned parties in the short and long term? Do you people think migration from AD-based setups to ND (when it becomes available under GPL) would be beneficial? Regards

We used SUN/One for SprintPCS and....... it sucked (5, Interesting)

dlippolt (100881) | more than 9 years ago | (#12642456)

In the development and staging environments it was great. As other posters mentioned you could get from zero to something usable in less than 30 minutes. Everything was as you would expect.

However... in the -production- environment, with 10's of millions of ldap objects connected to SprintPCS's provisioning systems which were making 1,000+ ldap writes --a minute-- the SunOne system absolutely blew chunks.

LDAP architects will ask what the hell we were doing with the entire database in one ldap instance rather than partition the dataset, and they'd be right, but we were acting under Sun's direction since at the time we had one of (if not) the largest LDAPs in the world.

LDAP architects would also wonder why on earth you would ask an ldap server to live under such a write intensive churn, and they'd be right again.

That being said...

-- Multimaster replication would never ever work. Most of the time the entire SprintPCS userbase was hanging off one master and less than 4 replication slaves. For several months the entire messaging system was wedged into a single point of failure nightmare. (to be fair, this wasn't all slapd's fault and had 1/2 of the root cause in Sprint Datacenter practices which produced predictable results [internetnews.com] )

-- Other posters asked for SunOne Calendar server to be opensourced. My first response is to suggest you have your head examined since that thing would die for absolutely no reason on a regular basis. We actually automated the process of detecting its death and restoring from last night's backup. If you were a SprintPCS customer and your calendar ever seemed screwy now you know why. Of course further reflection suggested opensourcing it is probably the only thing that could help at this point because...

-- We used to get hotfix builds from Sun which were missing entire sections of the binaries. Whoever was managing the code would forget to use the same compilation flags for hotfixes as original code so we would receive webmail frontend builds which couldn't talk to imap backends, or calendar backends which wouldn't accept connections from calendar front ends.

-- SOL if you wanted to run more than 4G of memory in slapd.

Don't consider this post a rant, just let any CIOs/etc. reading this know that this opensource release will probably work great for you if you don't load it heavily (unlike exchange 5x, which would grenade just sitting there)

On the other hand, if you want to push the performance envelope, pretty much expect it to take a lot of time and cause a bunch of headaches -in production-. Get help from people who have pushed the performance of the tools you are considering running.

Weird mood tonight.

BFD...the IBM LDAP Server has *always* been free (4, Informative)

The Last Gunslinger (827632) | more than 9 years ago | (#12642734)

Why is this even newsworthy?

IBM has licensed its enterprise-class LDAP directory server software free of charge for over 5 years now.

Yep, free. Go to ibm.com and download it for yourself. Anyone. For any purpose.

http://www-306.ibm.com/software/tivoli/products/directory-server/ [ibm.com]

It's currently under the Tivoli brand, going as the IBM Tivoli Directory Server v6.0.

Not only does it pack all the bells and whistles of other enterprise LDAP directories, such as multimaster and cascaded replication models, but instead of flat files it *includes* IBM DB2 UDB enterprise edition database (also licensed free of charge) for its data storage. I've seen the comparative test results, and nothing touches this solution for performance and scalability.

It runs on just about anything, too...including Linux on non-x86 hardware.

And they've always GIVEN it away. Free download.

So, someone explain again WHY any company of any size would PAY for an LDAP solution, or why RedHat giving away Netscape Directory is big news?