Slashdot Mirror
Red Hat Acquires Netscape Server Products
KrisWithAK writes "According to a press release, Red Hat is acquiring parts of the Netscape Enterprise Suite including the directory server and certificate management system. I am definitely looking forward to more open source competition with OpenLDAP!"
I didn't even realize there still was a standalone Netscape offerring. We migrated from Netscape to iPlanet to Sun Web to Sun Java One (or something like that). Anybody out there stick with the Netscape product?
sarchasm: The gulf between the author of sarcastic wit and the person who doesn't get it.
....it must be good!
I hope they can advance enough to make some real competition for Microsoft Active Directory. I know a huge reason Windows shops never consider an alternative is because the AD GPO allows for some very granular management of AD resources.
-Randy
I have tried ever few months to set up OpenLDAP using newer releases with instructions on their website and it never would work. I always had some issue with the DBM libraries or the commands in the tutorial were inaccurate and not current with the updated command-line options. It goes to show that no matter if the software actually works, if the documenation is not at least half decent the software is still incomplete.
I have maintained Netscape/iPlanet LDAP servers before and they may not be perfect, but they worked. Perhaps a good open source LDAP server will help LDAP become a viable alternative to Windows Directory or other authentication systems.
I thought I read about a Java LDAP server once, but never looked into it much.
Brennan Stehling - http://brennan.offwhite.net/blog/
In the past, RedHat have been open-sourcing pretty much every applications they acquired AFAIK (see Sistina GFS, for example). Thus, I am pretty confident we will soon have a second Open-Source LDAP server from this deal. There is no garatee, but I am looking forward to it.
For those who are familiar with Netscape LDAP server, could you teach me a bit about its ACL management capability ? OpenLDAP, in this regard, is pathetic. The ACL have to be written in some kind of filter language *inside* the config file, which need a restart/reload to take effect. It is very error-prone and basically the part of OpenLDAP that give me the most troubles. How is Netscape in this regard ? Can you define by-object ACL ? How are they stored ? How do you manage them ?
Thanks for you insights !
:wq
For me, the Directory Server product is very very interesting. If they could offer up some of the multi-master replication to openLDAP, or the Active Directory integration, big headway could be made in enterprise environments in the Directory Server space.
That's the only thing of interest to me, personally. I think apache's web server eclipsed them a while ago.
I don't understand what Red Hat is trying to do. It's ancient software. The brand "Netscape" is now. They already sell a competing product.
The schizophrenia that Red Hat is displaying makes Sun & Oracle look sane by comparison.
I don't respond to AC's.
I was responsible for a pair of Netscape Directory Servers, version 6.1 IIRC, at a former employer.
They were relatively trouble free, much more so than some of the other "Netscape" products (Calendar Server)...
Once in awhile they would hang, without any sort of error indication, no log entries or the like, which made troubleshooting them very problematic.
The management interface was a Java app, which seemed fairly primitive,compared to NDS/eDirectory which I have used for about 9 years and AD which I have used since late 2000.
Overall, I'd say my experience with Netscape Directory Server was positive, but it really could use some updating, if it hasn't been already...
Goofy, Geeky Gifts and More!
Everything Red Hat has, does, or buys becomes open source. This is equally true for their patents (which are aquired for defensive reasons). Here is their patent policy. In short, it states that any patents they hold may be used by any free software project without fear of any infringement.
Regards,
Steve
is that now the best LDAP server in the marketplace in terms of functionality (4 way clustering, complete in-tree ACL support, enterprise level scalability) now becomes available as open source. The iplanet offering comes with a per entry licensing fee of about $1 (less if you need more than one million entries). Our company actually went out and bought Sun servers to avoid this, since Solaris includes a decent number of entry licenses per server. Now we can deploy on linux servers instead without the licensing hassle. Another nail in the Sun coffin...
...All of which means that Red Hat did NOT just buy all of the fun and interesting products that iPlanet produced -- Messaging/Calendar/et al are actually useful, mature, stable products -- but instead bought a stable LDAP server whose codebase probably hasn't changed much in several years.
If you've ever had to use openLDAP then you will never be happier once RH releases this. The features are limitless, but two things off the top of my head are that it has a significant improvement as far as speed and system resources go, and also it has good, advanced replication. It's easy to use and just an all around good architecture. Try it out when its released, it will speak for itself. Personally, I'm more interested in the Certificate Server.
Regards,
Steve
This is a smart move on Red Hat's part. It's clear to them that in order to remain competitive in the enterprise space, they have to have a "middleware stack" (as the industry has been calling it). Sun has SunOne/N1, Microsoft has ADS, and of course Novell has NDS/eDirectory which is soon to be a major Linux product. It would have quickly become a big gap in Red Hat's offering.
By acquiring this software, Red Hat immediately improves the value proposition of their platform. By open sourcing it, the software can quickly gain mindshare and installed base. Imagine what would have happened if Novell had done this in, say, 1999. There'd be NDS everywhere, and Active Directory wouldn't have nearly the penetration it does today.
Tired of FB/Google censorship? Visit UNCENSORED!
Netscape and then Sun stopped just when they were getting the plot. The Calendar Server has a backend that does the conflict resolution inc case of double-booking. It is time to integrate that with Mozilla Calender client. The Certificate Management system played nice with LDAP and but had a top-heavy administration server. It was a nice web-based GUI that an CertAuthority might be delegated to use. It will be a big win for OSS if these servers can now supported in linux - Sun were never going to do that properly. my 2 cents
Artificial intelligence is the study of how to make real computers act like the ones in the movies.
We run iPlanet on several hundred web servers and have a SunONE pilot looking to cover around 25 million users. iPlanet stuff seems to be smooth; SunONE has been...challenging.
As I understand, tho, what RedHat got isn't the new stuff we are using.
AOL has 21 days to remove all 3rd party source code from the builds of all of the products Redhat is acquiring. One of the key components of Enterprise Mail server is the Mail Transfer Agent (MTA).
The MTA is written by Innosoft International (www.innosoft.com). So the question is will they be leaving out a vital component of the mail server or will they just have to give away the MTA as well.
This is not my sig
Will Red Hat dump the Apache webserver over the new noxious licensing?
OpenBSD has done so (by halting with an old release).
I can confidently say that you mis-configured the Netscape Server. The Netscape Server has always been a lot faster than OpenLDAP, even while doing more stuff (like multi-master replication - which openLDAP cannot, and doesn't seem to want to do).
The Netscape DS does not require or use multiple processes - it is a multi-threaded server. If configured correctly it will scale into the millions of entries, and 100's operations per second. For most deployments (and the server was pretty much sold into Fortune 500 environments exclusively) this server doesn't even break a sweat. It is also btw coded to scale well up to 4 processors.
Since around the 3.1/4.0 versions it has been the fastest Directory Server of any and all comers, period. It is also one of the most standards compliant and the most stable servers. I recall at a DS meet, Kurt from OpenLDAP had a pretty mean test suite designed to break directory servers which they (obviously) had coded to pass. That test suite broke every vendor in the room (and that means every major DS vendor) to varying degrees except the OpenLDAP and Netscape servers - and this was post iPlanet. Active Directory for example, managed to get through only a few minutes of a test suite that lasted about an hour.
I have always been an admirer of the OpenLDAP product since they produced a good product with comparitively fewer resources. However, it is not (perhaps not yet) in the same league as the Netscape DS when it comes to scaling.
Widely acknowledged fact: OpenLDAP performs extremely slow. I don't have any real benchmarks though.
WE DON'T NEED NO BLOG CONTROL.
It should be mentioned that most of Netscape's products started out as free software:
1. Netscape Directory Server was derived from the UMich LDAP implementation.
2. Netscape Messaging Server started life as Cyrus and Post.Office hacked together.
3. Netscape Collabra Server was an enhanced INN.
4. etc. and of course, let's not forget NCSA Mosaic...
Yes a Directory Server is a database.
A database that is not even in 1st normal form.
Other highlights include a hiarchical tree structure to store entries and extensive standard schema for many object types.
And primary keys called "dn"s (distinguished names) that reflect the tree structure in a kind of path, so that when you move objects around in the tree, the dn changes. You'll have to change all other attributes that contain this dn as a value in order to keep the tree consistent. There are no mechanisms in LDAP that help you to do this, i.e. there are no constraints.
But that isn't really a problem, because you wouldn't want to use dn valued entries anyway - LDAPs query language has no join operation at all, so in order to resolve a mail alias object containing dn valued entries for the rhs of the mail alias, you'd be forced to program that resolution in a loop by hand on the client side. For each client supporting it.
In order to minimize dn volatility, you end up flattening your tree structure, for example by putting all users into the same level just below "ou=users,dc=example,dc=com". Which has the added benefit of making a lot of queries easier and faster. You know, LDAP has tree structures just like XML does, but the LDAP query language does not have axes the way XPath has. You would not have been able to leverage the tree structure in LDAP queries anyway. There is no way to formulate "find me all machine objects that have person objects at some level above them where the person is at management level" in term of the LDAP query language. It would be trivial in XPath.
And that is just before you start to think about missing bulk replication protocols, language variants of attribute values or the internal structure of Netscape aci attributes.
LDAP is the single worst designed database structure you can come across. It is not "not in normal form", it is the anti-normal, a complete deviation.
If you are running Windows XP or have access to a Windows 2003 Server, download ADAM and give it a openminded look. I think you will find that it works very well for application development. The ADAM/adsiedit utility will allow you to quickly interact and begin development and management of ADAM. Multimaster replication, multiple data partitions on a single server, robust authentication and authorization, scalability and expandability.
And in the end if you cannot overlook the fact that you must have a copy of Windows XP or 2003 server to run it, at least you will have a good example of something one of you (or a group of you) can copy when developing or improving an open source alternative.