
RE: OpenLDAP in Production



I am aware of large, medium, and small organizations around the world that are realizing the financial and engineering benefits of OpenLDAP, both as embedded and general-purpose directory servers. Folks from some of those organizations have already posted their own responses. If you watch this list you will come to see that many of the folks who post and answer questions here are themselves using OpenLDAP in production deployments of various sizes.

It is likely that at the time that book was written OpenLDAP was in its 1.x or 2.0 incarnations. We at Symas are aware of and have ourselves based commercial product on OpenLDAP 2.0, and OpenLDAP has made tremendous strides since then. There are too many improvements to list here, but the one that stands out in my mind as a feature that really made OpenLDAP a reasonable choice for large production deployments is the development of the Berkeley DB backend. The key benefits of this backend are improved stability, performance, and capacity, transaction support, and the ability to do database backups without taking down the server. Many folks have contributed their own sweat and blood to this body of code, and I think that's one of the things that makes OpenLDAP as good as it is.

One of the missing pieces has been a solution for organizations that want to reap the benefits of OpenLDAP, have serious deployment, maintenance, and support requirements, but don't want to become experts in building and testing it. For those folks a packaged, certified, and supported version of OpenLDAP is likely the best solution.

Documentation is the one place that lacks polish, but everything you could ever want to know about OpenLDAP is available in one form or another, even if it is not easily accessible (i.e., you have to read code). Like the code itself, this continues to improve, and volunteers are always invited to improve the Admin guide.

Finally, that GUI that you will use once or twice a year to configure the server is missing. Oh well ;-).

Don't fall into the trap of thinking that OpenLDAP is "free". While access to the source code is guaranteed, the talent to build, test, and deploy it comes at a price, whether you become an expert yourself or contract for it. Regardless of the choice you make, though, deploying and operating OpenLDAP will usually cost significantly less than purchasing and deploying the offerings from Sun, IBM, or Novell, and you remain in control of your own fate to a much larger extent than you would with those products.

I think Michael Ströder [michael@stroeder.com] put it best:

>There is no reason to put or not put OpenLDAP into production provided that you
>- have clearly defined *your* requirements,
>- evaluated features/support/maintenance,
>- checked interoperability with all LDAP-enabled applications and
>- heavily tested it in *your* environment.
>You also have to do this with *each and every* commercial product. Expect to 
>find showstopper bugs in LDAP servers of 'leading directory vendors'. Bang 
>hard on any product before making a decision.


Matthew Hardin
Symas Corporation
Packaged, certified, and supported LDAP software: http://www.symas.net/download


-----Original Message-----
From: owner-openldap-software@OpenLDAP.org [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Brian K. Jones
Sent: Wednesday, February 26, 2003 6:06 AM
To: ldap list
Subject: OpenLDAP in Production


I was thumbing through the pages of an LDAP book in the bookstore and came across a paragraph about OpenLDAP, which said:

"...I personally know of people who have done significant testing and prototyping work using these products. However, I know of nobody who has yet trusted them to support his or her business applications. Bottom line: If you want to play with compiling and modifying your own LDAP server, this is a good place to start."

This is discouraging, as I had planned to put OpenLDAP into production, after evaluating eDir and, to a lesser extent, the Sun product.  Aside from GUI tools and docs (which I don't have a particularly dire need for), where is OpenLDAP lacking compared to eDir and Sun?  Why shouldn't I put this into production?  

Interestingly, the author doesn't give an opinion on Linux, and the first chapter in the book was 'Active Directory', IIRC.