[Date Prev][Date Next]
Re: Alternative to OpenLDAP
--On Thursday, October 02, 2003 12:48 PM -0400 "Yelich, Scott D."
Hello everyone ...
This might be off topic - but does anyone have any recommendations for a
replacement/alternative for OpenLDAP that would provide a central
*password* repository and preferably integrate into AD? Supported clients
need to include most common OSes such as Solaris, Tru64, HP/UX, AIX,
Redhat/Linux, OSX, etc.
Specifically, a commercial product? I'm mostly looking for someone who
has considerable knowledge of such product and could give a word or two
why the product is a preferred alternative. I can search the net and
read glossy sales documents or paid "reviews" ... but I'm interested in
real world experiences.
I keep hearing and seeing that everyone and their grandmother has
LDAP/SSO working and I'm just wondering what people are using *other*
than OpenLDAP (as this no longer appears a viable solution).
Just out of curiosity, is there a particular reason that OpenLDAP does not
suit your needs? Here at Stanford, we ran Netscape/iPlant/Sun for quite
some time, and had enough issues with it over time that we decided to
re-evaluate our platform of choice. At that time, we evaluated the current
offerings from quite a few major providers (See
<http://www.stanford.edu/~chandau/wip/compare.html>). I've also talked
with a number of people at other universities who are looking at moving
from their current product lines to OpenLDAP. Our experience with OpenLDAP
as a directory server has been extremely positive so far -- It meets our
current needs, and the continued growth and implementation of new features
gives us opportunities to expand that we are looking forward to using. We
also looked at SunOne/iPlanet a few months ago when we were looking at
Portal projects for the unversity. At that time, I again had a change to
evaluate SunOne as a directory service. I still find it cumbersome to use,
interface wise, and less than straight forward to operate. Something that
has been extremely useful for us with OpenLDAP is our ability to easily
upgrade across product releases and the ability to look at and review the
source if necessary. We already have 2.2 servers in our development
environment up, so that when it is released, we can migrate with little
Anyhow, our experience with iPlanet/SunOne was not productive. We do
currently use AD in limited scope for our windows systems, and will
continue to do so, but the AD servers are fed from our OpenLDAP servers.
We have one department using SunOne for now, but they too feed from our
OpenLDAP servers, and with the syncRepl functionality in OpenLDAP 2.2, we
will be moving them to OpenLDAP as well.
Principal Software Developer
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html