[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Alternative to OpenLDAP

--On Thursday, October 02, 2003 12:48 PM -0400 "Yelich, Scott D." <syelich@commerzbank-usa.com> wrote:

Hello everyone ...

This might be off topic - but does anyone have any recommendations for a
replacement/alternative for OpenLDAP that would provide a central
*password* repository and preferably integrate into AD? Supported clients
need to include most common OSes such as Solaris, Tru64, HP/UX, AIX,
Redhat/Linux, OSX, etc.

Specifically, a commercial product?  I'm mostly looking for someone who
has considerable knowledge of such product and could give a word or two
why the product is a preferred alternative.  I can search the net and
read glossy sales documents or paid "reviews" ... but I'm interested in
real world experiences.

I keep hearing and seeing that everyone and their grandmother has
LDAP/SSO working and I'm just wondering what people are using *other*
than OpenLDAP (as this no longer appears a viable solution).

Hi Scott,

Just out of curiosity, is there a particular reason that OpenLDAP does not suit your needs? Here at Stanford, we ran Netscape/iPlant/Sun for quite some time, and had enough issues with it over time that we decided to re-evaluate our platform of choice. At that time, we evaluated the current offerings from quite a few major providers (See <http://www.stanford.edu/~chandau/wip/compare.html>). I've also talked with a number of people at other universities who are looking at moving from their current product lines to OpenLDAP. Our experience with OpenLDAP as a directory server has been extremely positive so far -- It meets our current needs, and the continued growth and implementation of new features gives us opportunities to expand that we are looking forward to using. We also looked at SunOne/iPlanet a few months ago when we were looking at Portal projects for the unversity. At that time, I again had a change to evaluate SunOne as a directory service. I still find it cumbersome to use, interface wise, and less than straight forward to operate. Something that has been extremely useful for us with OpenLDAP is our ability to easily upgrade across product releases and the ability to look at and review the source if necessary. We already have 2.2 servers in our development environment up, so that when it is released, we can migrate with little pain.

Anyhow, our experience with iPlanet/SunOne was not productive. We do currently use AD in limited scope for our windows systems, and will continue to do so, but the AD servers are fed from our OpenLDAP servers. We have one department using SunOne for now, but they too feed from our OpenLDAP servers, and with the syncRepl functionality in OpenLDAP 2.2, we will be moving them to OpenLDAP as well.


-- Quanah Gibson-Mount Principal Software Developer ITSS/TSS/Computing Systems Stanford University GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html