[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: ADSI distributed queries CONVERT failures w/ OpenLDAP

To: "Egor Shokurov" <yeghors@netreflector.com>, <openldap-software@OpenLDAP.org>
Subject: RE: ADSI distributed queries CONVERT failures w/ OpenLDAP
From: Nicholas Oddson <noddson@b2bscene.com>
Date: Fri, 26 Jan 2001 14:42:42 -0500
In-reply-to: <95CB586EEC49B540B2D22C8DF8C5FF2E2ED7BE@devsrv.devdomain.ne treflector.com>

Hello Egor,

Hmmm..... I guess the comment I'll make is the application dictates the requirements, so I'm not sure which would be best, but I can provide you with some DS insight perhaps.

ActiveDirectory / MS Exchange - Robust LDAP with clustering and replication = scalable - Tight integration with other utilities (web server, DB server, etc.) - Within the directory there is a TON of data that isn't really LDAP but NT domain related (i.e. it is very cluttered) - Management with pure LDAP tools is not an option (needs to use the supporting AD tools) - Heavily tied in with the NT Domain structure and user accounts on the system (may not want to give permissionable access to machines when an address book was all that was needed) - Extendable scheme but difficult to modify and manage

OpenLDAP - Not as full featured (yet) as other LDAP servers - Supporting tools need work - Not tightly integrated with anything, requires loadable modules for things like specific authentication methods - Pure LDAP implementation - Easily extensible schema and configuration - Unknown scalability

Netscape - Very similar to OpenLDAP with more friendly UI tools - Somewhat integrated with web servers for authentication, mail servers, cert servers, etc... - Pure LDAP implementation - Even easier extensible schema and configuration - Fairly scalable

As for clients, I'll offer what I can:

OpenLDAP API - never used MS ADSI - very good COM object API that interfaces to pretty much everything (not great for Java clients) MS Winldap - haven't used very much, use superceded by ADSI Netscape C API - the definitive LDAP API, good, lean and mean - lacks nice (i.e. OO) interfaces MS ADSI through OLEDB - Read only and seems to have issues with typecasting on non-ActiveDir systems (my current problem) JNDI - another excellent generalized API, fantastic for java (not much else however)

So there you go, just my thoughts. I've only been working in directory data for 3 years though, so other people likely know more and have better experiences.

- Nick

Prev by Date: userPassword's
Next by Date: Re: --with-spasswd, SASL/GSSAPI authentication
Index(es):
- Chronological
- Thread