Slashdot Mirror
Red Hat Acquires Netscape Server Products
KrisWithAK writes "According to a press release, Red Hat is acquiring parts of the Netscape Enterprise Suite including the directory server and certificate management system. I am definitely looking forward to more open source competition with OpenLDAP!"
I've used it to replace some Netscape stuff - it was part of a big Weblogic->Oracle->Solaris EJB app.
OpenLDAP seemed to work fine, although maybe it was because we weren't really loading it up too much...
The Army reading list
Netscape Directory Server 6 was basically a fork of the iplanet DS 5 product, where Sun carried on the 5.x versioning.
Very very similar products, both good.
Developers from Netscape started LDAP. From the looks of the Directory Server it does.
Here's the feature guide for Directory Server 6.21.
Check out Mon and Mon.cgi
1. Netscape DS compares very favorably. It has multi-master replication, and its performance is far above that of openLDAP. OpenLDAP is opensource, though, and very flexible. Netscape has to be paid for, and it's (if I recall) per-seat licensing. Sun's DS is per-entry licensing. Sun's DS and Netscape's DS are very similar, being forks of iPlanet's DS.
2. Yes, sort of. Some forms of replication can work, and both are standard ldap servers. As far as I know (I haven't used openldap for a bit) openldap cannot understand Netscape/iPlanet/Sun Directory server's new replication.
ACL's in iPlanet/Netscape/Sun's DS are wonderful. ACL's can be held in any entry, and take effect immediately. All you have to do is request the aci attribute (assuming you have priveledges) to see the rules. Acl's go so far as to be dynamic, too, taking into account the binding user's DN, being able to create masks, etc.. There are some wonderful features that I hope make it into openLDAP, or heck, if they just open the source of Netscape DS, that'd be incredible.
Then this is definitly for you. Red Hat, as with all things, will open source this. A lot of people say bad things about Red Hat, but they do alot for the community, they just don't try to take the spotlight. I mean how cool is their patent policy? Any patent they get ( which is always for defensive purposes) can be used by any free software project without worries.
Regards,
Steve
This is, IMHO, a good thing. I tried to get a couple of Netscape Servers up and running last year. The Directory Server was a snap, but the Messaging Server had problems. Since it hasn't been update since Sun abandoned the IPlanet joint venture, we tried to use various plugins and hacks to keep it from being used as an open relay, or getting spam floods, but no luck. We ended up abandoning the project, but we may be re-doing it in Open Exchange.
HexaByte - he's a square and a half!
iPlanet was a join Sun/Netscape venture. AOL bought Netscape, thus Netscape's Directory server. When the iPlanet venture was dissolved, AOL had the directory server, which was one of the things Netscape brought to the iPlanet experiment. I don't recall the details, but I think they forked the code when iPlanet was absorbed into Sun.
I can respond to that with an enthusiastic YES, it does work.
We use it to authenticate our email and calendar users (from two different servers). I'm migrating us off our OLD Netware servers (damn lean budget years!) to Samba and am setting Samba to authenticate against it as well, finally giving our users a single userid and password for all our services.
OpenLDAP is lightweight (size and CPU-wise), robust, and reliable. It's also really easy to set up if you use the version included with your distribution. You can also replicate the server to give yourself good fault-tolerance on another piece of hardware.
RedHat has good online documentation on their website in the RHEL Reference Guide that should help explain things to you a bit.
Life is short: void the warranty.
You may be interested in pGina; it's a nifty, opensource, project that allows you to bypass Microsoft's authentication schemes and replace it with something like LDAP. Works like a charm! We're still working out the kinks of the roaming profiles with the ftp plugin though. Anyone interested in cross-platform authentication should check it out.
harmonious design
It became iPlanet CS, which became SunONE CS and is integrated into the Sun JES stack. It now includes an Outlook connector.
http://wwws.sun.com/software/products/calendar_
Link
harmonious design
http://meetingmaker.com/
Meeting Maker is a semi-reasonable cross-platform alternative to exchange for calendaring. They support the mac well, and they have a java/web client. They have a (motif) solaris client for the older versions which they never ported to linux, i think that this has been discontinued with the current version. However I think they have something more coming with the upcoming product.
You can make the windows client work in Wine, and the web/java client works standalone with a 1.3.1 JVM.
The server runs on windows, mac, solaris, and linux.
It originally was a mac product.
There is also something called Corporate Time, I'm not really familiar with it.
You said that wrong. Let me help:
I, for one, welcome our new LDAP overlords!
With that said, let me also say that I've been working with Sun's iPlanet Directory server since they acquired it from Netscape. It's used for our iPlanet mail suite. In a word, it sucks ass. The intial migration from Netscape Directory server 3.x to iPlanet's directory server was a nightmare. The documentation on the schema layout for mail was non-existent. (Still is as far as I know) There were no migration tools. I just had to dump the Netscape Directory server data to a huge text file. iPlanet support then told me to go through this file by hand and edit or remove any of the lines that didn't apply or had the wrong format. !!!! WTF!? I spent months of late nights pushing the file back and forth between OpenVMS and Solaris just so my boss could use DCL and EDT to make most of the changes needed. The migration actually took me about a year and a half and there is still detritus floating around the LDAP directory. I now have a better understanding of the user account portion of iPlanet's schema, but no thanks to Sun. iPlanet sucks. I can only hope that Redhat will do a better job with what they've acquired.
One last bit to my rant:
Sun STILL has portions of the old Netscape administration tools in the iPlanet suite. This wouldn't be a problem except for the fact that they still kind of work. Enough to damage LDAP data. According to their support they told me to NOT use those tools. THEN WHY THE HELL ARE THEY STILL INCLUDED!!!!??? Crap. Pure crap.
Un-news
I think if you have ever struggled through openldap, then installed and had to manage a Netscape/Sun/iPlanet/JES/SunONE directory server, you wouldn't ask this :)
FWIW, even Netscape's 4.x directory server was top notch. Netscape's current directory server is based on the iPlanet 5.x server, which Sun's directory server (currently at 5.2 in the current JES product) is also based on, and there has not been a lot of significant functional changes to the product since the split (at least not on the Sun side).
Seriously? I thought the Netscape Enterprise product line fizzled out back when people thought selling pet food on the internet was a good idea.
Selling pet food on the internet *is* a good idea, or at least a profitable one.
First, migration from 3.x? That product was end of lifed like 6 or 7 years ago...
Second, the directory server is a great product (probably one of the few great products left unscathed by Sun).
The problems you are seeing are Sun's failure to integrate the iPlanet products well, which only got worse with JES 6.0 - For instance when they added pmdf to the messaging server and changed to the 5.x schema, they broke all the Messaging user admin in Console, and never fixed them or came up with reasonable replacements (Delegated Admin - puleeaze; identity server? don't even get me started...). In JES 6.0, they don't document their new schema again, but this is a messaging/cal problem, not a DS problem. No one bought many of their products, so now they make install all interdependent (messaging and cal depend on identity, which depends on their lousy web or app server, etc). Sun has made a major mess of what used to be pretty good, easy to use products.
In any case, take out the messaging and cal products, and directory is actually very good, very fast, very flexible.
The answer is no. I wasn't even aware that Netscape still had server products; I thought part of the AOL/Netscape merger was that all of those were sold off to Sun as iPlanet.
July 2003 was when all Netscape browser developers were fired from AOL, and AOL now has no relationship with Mozilla other than history.
Basically the only things left of Netscape now are Netscape.com portal and a brand name.
You forgot the <smartass> tag. You did mean that sarcastically, didn't you?
I replaced NIS with OpenLDAP on a small network and have a lot of love for it, but your example looked like a Sendmail config file rewritten as APL macros piped through Perl with a couple of trips through Babelfish. That is, I recognized a few words but have no freakin' idea what you were trying to say.
I sincerely hope Netscape provides some good competition to OpenLDAP, because I'd like to think I'll never have to try to understand what you just wrote.
Dewey, what part of this looks like authorities should be involved?
After the iPlanet split, AOL continued to develop Directory and CMS (CMS is awesome BTW).
For RedHat, it means they can compete in the enterprise directory market. Sun's services run on Linux as well as Solaris for x86, so RedHat needs these to maintain any kind of competitive stance. Its a good buy for them since AOL isn't doing anything with the products.
# nohup
Actually, the Sun Directory Server 5.2 is better than Netscape's in many significant ways- the replication is better, performance is better, etc. It can be deployed on Linux as well as Solaris x86. You could acquire Sun Directory Server via JES licensing which is cheaper for smaller organizations and gives you better support.
# nohup
Sorry, Sun makes a great alternative to exchange. With Sun Messaging Server, and Calendar deployed it works better, and cheaper than exchange. With the outlook connector you can use it with Outlook as well. Sun also offers a unified web client that brings calendar, mail and address book together in one web interface (much better than OWA).
For proof, I did an implementation for over 1 million users of calendar, directory and messaging. Its run on three 6800's (two for messaging, one for calendar, all domained and clustered) and has, yes, this is true, only 2, yes 2 admins.
Try that with exchange!
# nohup
Right, 4.x was netscape's directory server. The fork I was specifically referring to was the fork of DS 5, which was drastically different from the 4.x code that was originally netscape's. As far as I know/knew, the 5.x version was an iPlanet effort.
The filters make a LOT of sense, he put some simple ones in there, but you get the hang of it:
If the target attribute is not "userPassword", (then a version number, and a description) then allow read, search, or compare, and then an ldap uri that says "anyone". Basically, anyone can read, search, or compare, so long as it's not ther userPassword attribute.
The ldap uri could be a specific user, or a group. What is so complex about that? If you would like a click-box interface for it, there is one, too. Personally, this interface is very nice (I think) as it's simple to write clients for it, and automate changes when needed. It's the same idea that mysql uses (feel free to correct me if I'm wrong) where permimssions and users are stored in the db too.
Speaking as someone who was once an expert at using both EDT and DCL, I recommend you learn gawk (GNU awk).
Editing huge ldifs from the command line is a breeze with gawk. Thank you Mr. Robbins!
Yes a Directory Server is a database. However, whereas a SQL server is a general purpose database engine, an LDAP Directory Server is typically optimized for read speed at the expense of write speed. Other highlights include a hiarchical tree structure to store entries and extensive standard schema for many object types.
Essentially, LDAP directories fill niche roles, one of which is as an address book server, another is authentication services. In their niche, DS deployments are unequalled (and no, slapping an LDAP protocol interface on a SQL engine doesn't cut it.) One guiding principal is if you have 70/80% reads to 30/20% writes - a directory server may be a better option for your application. There are other considerations, but that is beyond the scope of this blah blah blah...