[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: OpenLDAP - versioning/stability questions

To: <richard@Goerwitz.com>
Subject: RE: OpenLDAP - versioning/stability questions
From: "Matthew Hardin" <mhardin@symas.com>
Date: Wed, 23 Feb 2005 12:52:47 -0800
Cc: <openldap-software@OpenLDAP.org>
Importance: Normal
In-reply-to: <421A6BB6.3020501@Goerwitz.COM>

Richard Goerwitz wrote:
[...]
> But if you multiply the effort required to keep on compiling from
> source, deploying, recompiling, patching, etc. times the number of
> enterprise applications we use (DHCP, DNS, HTTPd, etc.) you get a
> number that vastly exceeds the labor supply in a small college
> systems staff. 

It's nice to see someone doing the math. This is not something that people
often take into account with OpenLDAP and other Open Source products- they
just think they can compile some "free" software and that's the end of it.

OpenLDAP is different from many other Open Source projects because it
depends heavily on not just one, but five (and sometimes more) different
technologies. We find the best deployments come from implementers who have
some depth of knowledge with each of these technologies.

> So before deploying anything like OpenLDAP my goal it to see how
> little we can *reasonably* get away with doing to care for it and
> feed it.
> 
> If there's nothing that we can reasonably do to reduce the care
> and feeding expenses, then so be it.

You can always consider using a commercially-built, tested, and supported
product based on OpenLDAP. This allows you to split the cost of ongoing
maintenance with others, provides you with a stable repository of OpenLDAP
skills, and gives you a reliable backstop in case you need help. Even though
what you save in staff time expenditures has to be partially balanced with
monetary expenditures, we find that folks who look closely at the equation
quickly realize the benefits of doing that.

> Incidentally, for small IT shops the real challenge isn't bringing
> new services up.  Honestly.  Most people think that the cool and
> the new is the real challenge.  But in truth it's easy to find a
> lot of smart people who are interested in (and capable of getting
> running) the cool and the new.  The hard part is cleaning up after
> them, or forcing them to hand things off in such a way that dumber
> or busier people can maintain what they've set up.

This is a problem in large IT shops, too.

> With OpenLDAP my goal is to see what's possible here.

I hope I've shown you another avenue.

> I'm entirely convinced (after my work with 2.2.23, setting up
> scripts to automate archiving and recovery of bdb back ends, and
> getting our current provisioning scripts running with it) that
> it is a very cool piece of software, by the way.  I'm *extremely*
> pleased with what I'm seeing in my own testing.

OpenLDAP has come a long way in the five years Symas has been involved with
it. It went from something that was suited for small embedded applications
to a full-featured server that competes head to head with the "Big Boys" and
often comes out ahead in both cost _and_ performance.

Matthew Hardin
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
http://www.symas.com

> --
> 
> Richard Goerwitz                               richard@Goerwitz.COM
> tel: 507 645 7015

References:
- Re: OpenLDAP - versioning/stability questions
  - From: "Richard L. Goerwitz III" <richard@Goerwitz.com>

Prev by Date: Proxy Authorization Source vs. Destination
Next by Date: configure: error: Could not locate TLS/SSL package
Index(es):
- Chronological
- Thread