Red Hat Acquires Netscape Server Products

KrisWithAK writes "According to a press release, Red Hat is acquiring parts of the Netscape Enterprise Suite including the directory server and certificate management system. I am definitely looking forward to more open source competition with OpenLDAP!"

What';s wrong with OpenLDAP?

[tcopeland]

I've used it to replace some Netscape stuff - it was part of a big Weblogic->Oracle->Solaris EJB app.

OpenLDAP seemed to work fine, although maybe it was because we weren't really loading it up too much...

Re:What';s wrong with OpenLDAP?

[KrisWithAK]

It simply depends on the project for which you are using a LDAP server. A project that I am interested in starting would require dyanmic changes to schema as well as security. At least for dynamic security changes, this is implemented in the Netscape directory I believe. On the other hand, you can check out Apple's Open Directory project that has patches for OpenLDAP.

Re:What';s wrong with OpenLDAP?

[Penis_Envy]

Amen. I have nothing against openldap, and have used it in the past, but the sheer ease of managing iPlanet/Netscape/Sun's DS is wonderful. Dynamic schema updates, dynamic aci updates, dynamic anything. All server configuration can be managed through LDAP. Great stuff.

Re:What';s wrong with OpenLDAP?

[LuSiDe]

Widely acknowledged fact: OpenLDAP performs extremely slow. I don't have any real benchmarks though.

Netscape Enterprise Server? Really?

[jea6]

I didn't even realize there still was a standalone Netscape offerring. We migrated from Netscape to iPlanet to Sun Web to Sun Java One (or something like that). Anybody out there stick with the Netscape product?

Re:Netscape Enterprise Server? Really?

[Penis_Envy]

Netscape Directory Server 6 was basically a fork of the iplanet DS 5 product, where Sun carried on the 5.x versioning.

Very very similar products, both good.

Re:Netscape Enterprise Server? Really?

[Ford+Prefect]

Anybody out there stick with the Netscape product?

I've fairly regularly seen little Netscape 'N' logos as the favourites icon in Safari. I can't imagine anyone intentionally setting it to such a thing, so are they from Netscape servers where the icon is still set to the default?

Ease of LDAP.

"I am definitely looking forward to more open source competition with OpenLDAP!"

I'm looking more for an LDAP that's easy to setup and run.

Re:Ease of LDAP.

[LnxAddct]

Then this is definitly for you. Red Hat, as with all things, will open source this. A lot of people say bad things about Red Hat, but they do alot for the community, they just don't try to take the spotlight. I mean how cool is their patent policy? Any patent they get ( which is always for defensive purposes) can be used by any free software project without worries.
Regards,
Steve

Re:Ease of LDAP.

[Trolling4Dollars]

You said that wrong. Let me help:

I, for one, welcome our new LDAP overlords!

With that said, let me also say that I've been working with Sun's iPlanet Directory server since they acquired it from Netscape. It's used for our iPlanet mail suite. In a word, it sucks ass. The intial migration from Netscape Directory server 3.x to iPlanet's directory server was a nightmare. The documentation on the schema layout for mail was non-existent. (Still is as far as I know) There were no migration tools. I just had to dump the Netscape Directory server data to a huge text file. iPlanet support then told me to go through this file by hand and edit or remove any of the lines that didn't apply or had the wrong format. !!!! WTF!? I spent months of late nights pushing the file back and forth between OpenVMS and Solaris just so my boss could use DCL and EDT to make most of the changes needed. The migration actually took me about a year and a half and there is still detritus floating around the LDAP directory. I now have a better understanding of the user account portion of iPlanet's schema, but no thanks to Sun. iPlanet sucks. I can only hope that Redhat will do a better job with what they've acquired.

One last bit to my rant:
Sun STILL has portions of the old Netscape administration tools in the iPlanet suite. This wouldn't be a problem except for the fact that they still kind of work. Enough to damage LDAP data. According to their support they told me to NOT use those tools. THEN WHY THE HELL ARE THEY STILL INCLUDED!!!!??? Crap. Pure crap.

Re:Ease of LDAP.

First, migration from 3.x? That product was end of lifed like 6 or 7 years ago...

Second, the directory server is a great product (probably one of the few great products left unscathed by Sun).

The problems you are seeing are Sun's failure to integrate the iPlanet products well, which only got worse with JES 6.0 - For instance when they added pmdf to the messaging server and changed to the 5.x schema, they broke all the Messaging user admin in Console, and never fixed them or came up with reasonable replacements (Delegated Admin - puleeaze; identity server? don't even get me started...). In JES 6.0, they don't document their new schema again, but this is a messaging/cal problem, not a DS problem. No one bought many of their products, so now they make install all interdependent (messaging and cal depend on identity, which depends on their lousy web or app server, etc). Sun has made a major mess of what used to be pretty good, easy to use products.

In any case, take out the messaging and cal products, and directory is actually very good, very fast, very flexible.

Looks like a good fit.

[kensai]

However a couple of questions.
1. How does the Netscape Directory Server compare to OpenLDAP?
2. Are the two interoperable?

Re:Looks like a good fit.

[Plake]

Developers from Netscape started LDAP. From the looks of the Directory Server it does.

Here's the feature guide for Directory Server 6.21.

Re:Looks like a good fit.

[Penis_Envy]

1. Netscape DS compares very favorably. It has multi-master replication, and its performance is far above that of openLDAP. OpenLDAP is opensource, though, and very flexible. Netscape has to be paid for, and it's (if I recall) per-seat licensing. Sun's DS is per-entry licensing. Sun's DS and Netscape's DS are very similar, being forks of iPlanet's DS.

2. Yes, sort of. Some forms of replication can work, and both are standard ldap servers. As far as I know (I haven't used openldap for a bit) openldap cannot understand Netscape/iPlanet/Sun Directory server's new replication.

Re:Looks like a good fit.

[prowley]

Sun's DS and Netscape's DS are very similar, being forks of iPlanet's DS.

While you are correct, the iPlanet DS was actually a rebranded Netscape DS to begin with.

Re:Looks like a good fit.

[Penis_Envy]

Right, 4.x was netscape's directory server. The fork I was specifically referring to was the fork of DS 5, which was drastically different from the 4.x code that was originally netscape's. As far as I know/knew, the 5.x version was an iPlanet effort.

AOL already uses it.....

[ARRRLovin]

....it must be good!

I hope they can advance enough to make some real competition for Microsoft Active Directory. I know a huge reason Windows shops never consider an alternative is because the AD GPO allows for some very granular management of AD resources.

That's still around?

[mcc]

Seriously? I thought the Netscape Enterprise product line fizzled out back when people thought selling pet food on the internet was a good idea.

Do you mind if I ask, how worthwhile are these products to Redhat? What kind of state are they in? How recently have they been updated, are they still in active development or just maitenence mode? Does anyone still use them? And do they offer any worthwhile features or functionality not already available in free products?

Re:That's still around?

[Penis_Envy]

For me, the Directory Server product is very very interesting. If they could offer up some of the multi-master replication to openLDAP, or the Active Directory integration, big headway could be made in enterprise environments in the Directory Server space.

That's the only thing of interest to me, personally. I think apache's web server eclipsed them a while ago.

Re:That's still around?

[LnxAddct]

If you've ever had to use openLDAP then you will never be happier once RH releases this. The features are limitless, but two things off the top of my head are that it has a significant improvement as far as speed and system resources go, and also it has good, advanced replication. It's easy to use and just an all around good architecture. Try it out when its released, it will speak for itself. Personally, I'm more interested in the Certificate Server.
Regards,
Steve

Re:That's still around?

[kjs3]

We use it where I work.

We run iPlanet on several hundred web servers and have a SunONE pilot looking to cover around 25 million users. iPlanet stuff seems to be smooth; SunONE has been...challenging.

As I understand, tho, what RedHat got isn't the new stuff we are using.

Re:That's still around?

[rpresser]

Seriously? I thought the Netscape Enterprise product line fizzled out back when people thought selling pet food on the internet was a good idea.

Selling pet food on the internet *is* a good idea, or at least a profitable one.

Re:That's still around?

[rihock]

After the iPlanet split, AOL continued to develop Directory and CMS (CMS is awesome BTW).

For RedHat, it means they can compete in the enterprise directory market. Sun's services run on Linux as well as Solaris for x86, so RedHat needs these to maintain any kind of competitive stance. Its a good buy for them since AOL isn't doing anything with the products.

Does OpenLDAP even work?

[Offwhite98]

I have tried ever few months to set up OpenLDAP using newer releases with instructions on their website and it never would work. I always had some issue with the DBM libraries or the commands in the tutorial were inaccurate and not current with the updated command-line options. It goes to show that no matter if the software actually works, if the documenation is not at least half decent the software is still incomplete.

I have maintained Netscape/iPlanet LDAP servers before and they may not be perfect, but they worked. Perhaps a good open source LDAP server will help LDAP become a viable alternative to Windows Directory or other authentication systems.

I thought I read about a Java LDAP server once, but never looked into it much.

Re:Does OpenLDAP even work?

[Etyenne]

It work fine. Use the package for your distribution, don't try to compile it yourself if you are unsure about what to do. The man page seem to reflect the current command-line options, I don't see much problem here.

LDAP in general and OpenLDAP in particuliar is a complex subject. The initial learning curve is pretty steep. Good luck with it.

Re:Does OpenLDAP even work?

[gunnk]

I can respond to that with an enthusiastic YES, it does work.

We use it to authenticate our email and calendar users (from two different servers). I'm migrating us off our OLD Netware servers (damn lean budget years!) to Samba and am setting Samba to authenticate against it as well, finally giving our users a single userid and password for all our services.

OpenLDAP is lightweight (size and CPU-wise), robust, and reliable. It's also really easy to set up if you use the version included with your distribution. You can also replicate the server to give yourself good fault-tolerance on another piece of hardware.

RedHat has good online documentation on their website in the RHEL Reference Guide that should help explain things to you a bit.

Re:Does OpenLDAP even work?

[ElForesto]

Do yourself a BIG favor and get some books on LDAP. If you don't, it's like trying to translate Klingon into Arabic using a poodle as your interpreter. I once tried setting up an LDAP server for a shared address book before I had any clue what I was doing, and I learned to regret that exercise in frustration.

Re:Does OpenLDAP even work?

[tylernt]

I feel your pain. OpenLDAP and the other products may compare at the user-level, but for administration, OpenLDAP just sucks. I have yet to find a good administration tool for it. Maybe one is hiding out there or is being developed as I speak.

Novell sucks because there are some things you can do only in NWAdmin, others you can do only in ConsoleOne. Dumb. That's from Netware 5.1 and 6.0 though, maybe their newer stuff has improved.

Lotus Domino's admin software sucks because everything is buried under 17 layers and if you click the wrong 'X' in the interface, you lose all 17 layers and have to start over. I hate Domino.

iPlanet/SunOne's GUI interface isn't too bad but seems to be really slow, even on a 2GHz server with very few users(?). For advanced config options, you sometimes have to resort to editing a text file (albeit still within the admin GUI), which is one weak point.

AD seems to have got it right with the ADUC and other MMC snap-ins, although if you get in and start messing around with permissions and GPOs you'd better know exactly what the heck you are doing because it's real easy to change things in ways you never expected (or in other words, break AD). The only drawback is, you don't have much low-level control over LDAP attributes and things -- you're just kind of stuck with 'the Microsoft Way' of doing things.

In short, there is no perfect solution. I favor OpenLDAP just because it's OSS but the installation (from source) and the learning curve are both unpleasant. If you're a clueless MCSE-type and just want a quick LDAP directory, I'm afraid AD is the least painful route... if you don't mind clicking a soul-sucking EULA and bleeding ridiculous licensing fees to the Evil Empire.

are they gonna open source it?

[hruntrung]

I read the press release, and they made reference to integrating the products into the Open Source Architecture, but they don't actually come out and say, "we're gonna make it [insert favorite license here]."

Also, is there any reference documentation for the Open Source Architecture? I'd love it, cause as it stands, sometimes open sources like a disorganized mess.

Re:are they gonna open source it?

[LnxAddct]

Everything Red Hat has, does, or buys becomes open source. This is equally true for their patents (which are aquired for defensive reasons). Here is their patent policy. In short, it states that any patents they hold may be used by any free software project without fear of any infringement.
Regards,
Steve

Increasing Power of Red Hat

[ZSmitty]

Just two years ago AOL was looking to aquire Red Hat. http://slashdot.org/articles/02/01/19/041215.shtml It's amazing how things have changed. Where AOL once wanted Red Hat to be another Netscape for them, Red Hat is now purchasing parts of Netscape from AOL. Personally, I think its great.

Re:Increasing Power of Red Hat

[DrXym]

AOL has basically stripped Netscape down to the bone. After they got their pound of flesh from Microsoft they weren't interested in maintaining it any more. Whole departments were shitcanned and now it's just a small rump serving up content to Netscape.com.

Which is a shame from AOL's perspective since now their AOL client is stuck with an obsolete browser engine, written by their mortal enemy. They could have gone to Gecko but they chose not to. Oh yes - I'm sure MS will be leaping up and down to add new functionality for AOL's sake - NOT.

The sad thing is there were (and are) AOL products that do use Gecko, including at one stage beta of the AOL client. But rather stupidly they never followed through in any serious manner. If they had shipped an AOL client using Gecko there would now be 25+ million additional non-IE users in the US. Even where they did use it, such as AOL Communicator (a Thunderbird like email client) they basically screwed the pooch by implementing the whole app in C++ and using Gecko just to render HTML mail. How stupid is that given they could have written it in XUL in less time?

AOL just doesn't get it. Technology is for them just the means to stick a big shiny button on the start page. That's as good as it gets. Technical considerations such as standards compliance play second fiddle to marketing and dumb ideas to keep their audience happy. I also reckon there was a lot of infighting between the 'establishment' (who develop against IE) and those who want to try something risky even if it means flux in the short term.

Well that's too bad for them. Their customer base is dwindling - sick of the monolithic client, sick of the AWFUL email, sick of the incestuous links, and sick of the pricing. These days I reckon all but the most helpless of their users would be happier with barebones broadband, Firefox / IE combined with an email app. AOL is going to find itself in a niche if it doesn't change soon.

Please tell me about Netscape LDAP server ACL

[Etyenne]

In the past, RedHat have been open-sourcing pretty much every applications they acquired AFAIK (see Sistina GFS, for example). Thus, I am pretty confident we will soon have a second Open-Source LDAP server from this deal. There is no garatee, but I am looking forward to it.

For those who are familiar with Netscape LDAP server, could you teach me a bit about its ACL management capability ? OpenLDAP, in this regard, is pathetic. The ACL have to be written in some kind of filter language *inside* the config file, which need a restart/reload to take effect. It is very error-prone and basically the part of OpenLDAP that give me the most troubles. How is Netscape in this regard ? Can you define by-object ACL ? How are they stored ? How do you manage them ?

Thanks for you insights !

Re:Please tell me about Netscape LDAP server ACL

[Penis_Envy]

ACL's in iPlanet/Netscape/Sun's DS are wonderful. ACL's can be held in any entry, and take effect immediately. All you have to do is request the aci attribute (assuming you have priveledges) to see the rules. Acl's go so far as to be dynamic, too, taking into account the binding user's DN, being able to create masks, etc.. There are some wonderful features that I hope make it into openLDAP, or heck, if they just open the source of Netscape DS, that'd be incredible.

Re:Please tell me about Netscape LDAP server ACL

[mikemcc]

ACLs are just an attribute of the object. It's really very elegant. For example:

dn: dc=company,dc=com
creatorsname: cn=Directory Manager
createtimestamp: 20020307024738Z
dc: company
objectclass: top
objectclass: dcObject
aci: (targetattr != "userPassword") (version 3.0; acl "Anonymous access"; allo
w (read, search, compare) userdn = "ldap:///anyone";)
aci: (targetattr="*")(version 3.0; acl "nis-admin account"; allow (all) userdn
="ldap:///cn=nis-admin,ou=administrators,ou=topolo gymanagement,o=netscaperoo
t";)
aci: (targetattr="userPassword||sn||cn||givenname||tele phonenumber||mobile||pa
ger||title||description")(version 3.0; acl "self update options"; allow (all
) userdn="ldap:///self";)
aci: (targetfilter="(l=SF)")(targetattr="*")(version 3.0; acl "SF Admins"; all
ow (all) groupdn="ldap:///cn=ldap-admin-sf,ou=group,ou=serv ices,dc=company,d
c=com";)

Re:Please tell me about Netscape LDAP server ACL

[Just+Some+Guy]

ACLs are just an attribute of the object. It's really very elegant. For example

You forgot the <smartass> tag. You did mean that sarcastically, didn't you?

I replaced NIS with OpenLDAP on a small network and have a lot of love for it, but your example looked like a Sendmail config file rewritten as APL macros piped through Perl with a couple of trips through Babelfish. That is, I recognized a few words but have no freakin' idea what you were trying to say.

I sincerely hope Netscape provides some good competition to OpenLDAP, because I'd like to think I'll never have to try to understand what you just wrote.

Re:Please tell me about Netscape LDAP server ACL

[Penis_Envy]

How is it not elegant? The only interface you need to the directory to manage it and use it is via LDAP, and changes take place very quickly, with no down time.

The filters make a LOT of sense, he put some simple ones in there, but you get the hang of it:

aci: (targetattr != "userPassword") version 3.0; acl "Anonymous access"; allow (read, search, compare) userdn = "ldap:///anyone";)

If the target attribute is not "userPassword", (then a version number, and a description) then allow read, search, or compare, and then an ldap uri that says "anyone". Basically, anyone can read, search, or compare, so long as it's not ther userPassword attribute.

The ldap uri could be a specific user, or a group. What is so complex about that? If you would like a click-box interface for it, there is one, too. Personally, this interface is very nice (I think) as it's simple to write clients for it, and automate changes when needed. It's the same idea that mysql uses (feel free to correct me if I'm wrong) where permimssions and users are stored in the db too.

What's the point?

[DogDude]

I don't understand what Red Hat is trying to do. It's ancient software. The brand "Netscape" is now. They already sell a competing product.
The schizophrenia that Red Hat is displaying makes Sun & Oracle look sane by comparison.

Netscape Servers

[HexaByte]

This is, IMHO, a good thing. I tried to get a couple of Netscape Servers up and running last year. The Directory Server was a snap, but the Messaging Server had problems. Since it hasn't been update since Sun abandoned the IPlanet joint venture, we tried to use various plugins and hacks to keep it from being used as an open relay, or getting spam floods, but no luck. We ended up abandoning the project, but we may be re-doing it in Open Exchange.

Netscape Directory Server...

[MadMorf]

I was responsible for a pair of Netscape Directory Servers, version 6.1 IIRC, at a former employer.

They were relatively trouble free, much more so than some of the other "Netscape" products (Calendar Server)...

Once in awhile they would hang, without any sort of error indication, no log entries or the like, which made troubleshooting them very problematic.

The management interface was a Java app, which seemed fairly primitive,compared to NDS/eDirectory which I have used for about 9 years and AD which I have used since late 2000.

Overall, I'd say my experience with Netscape Directory Server was positive, but it really could use some updating, if it hasn't been already...

Re:Sun vs. AOL

[Penis_Envy]

iPlanet was a join Sun/Netscape venture. AOL bought Netscape, thus Netscape's Directory server. When the iPlanet venture was dissolved, AOL had the directory server, which was one of the things Netscape brought to the iPlanet experiment. I don't recall the details, but I think they forked the code when iPlanet was absorbed into Sun.

The significance of this...

[Pivot]

is that now the best LDAP server in the marketplace in terms of functionality (4 way clustering, complete in-tree ACL support, enterprise level scalability) now becomes available as open source. The iplanet offering comes with a per entry licensing fee of about $1 (less if you need more than one million entries). Our company actually went out and bought Sun servers to avoid this, since Solaris includes a decent number of entry licenses per server. Now we can deploy on linux servers instead without the licensing hassle. Another nail in the Sun coffin...

Re:The significance of this...

[rihock]

Actually, the Sun Directory Server 5.2 is better than Netscape's in many significant ways- the replication is better, performance is better, etc. It can be deployed on Linux as well as Solaris x86. You could acquire Sun Directory Server via JES licensing which is cheaper for smaller organizations and gives you better support.

Calendar Server

[anthonyclark]

So whatever happened to Netscape's calendar server?

Way back, I installed it at an R&D facility; the client worked across platforms (solaris and windows) and provided an alternative to the nasty exchange lock-in.

Is there *any* alternative to Exchange now?

Re:Calendar Server

[Temkin]

It became iPlanet CS, which became SunONE CS and is integrated into the Sun JES stack. It now includes an Outlook connector.

http://wwws.sun.com/software/products/calendar_s rv r/home_calendar.html

Re:Calendar Server

[danpritts]

http://meetingmaker.com/

Meeting Maker is a semi-reasonable cross-platform alternative to exchange for calendaring. They support the mac well, and they have a java/web client. They have a (motif) solaris client for the older versions which they never ported to linux, i think that this has been discontinued with the current version. However I think they have something more coming with the upcoming product.

You can make the windows client work in Wine, and the web/java client works standalone with a 1.3.1 JVM.

The server runs on windows, mac, solaris, and linux.

It originally was a mac product.

There is also something called Corporate Time, I'm not really familiar with it.

Re:Calendar Server

[rihock]

Sorry, Sun makes a great alternative to exchange. With Sun Messaging Server, and Calendar deployed it works better, and cheaper than exchange. With the outlook connector you can use it with Outlook as well. Sun also offers a unified web client that brings calendar, mail and address book together in one web interface (much better than OWA).

For proof, I did an implementation for over 1 million users of calendar, directory and messaging. Its run on three 6800's (two for messaging, one for calendar, all domained and clustered) and has, yes, this is true, only 2, yes 2 admins.

Try that with exchange!

Re:Sun vs. AOL

[danuary]

...All of which means that Red Hat did NOT just buy all of the fun and interesting products that iPlanet produced -- Messaging/Calendar/et al are actually useful, mature, stable products -- but instead bought a stable LDAP server whose codebase probably hasn't changed much in several years.

A smart move

[IGnatius+T+Foobar]

This is a smart move on Red Hat's part. It's clear to them that in order to remain competitive in the enterprise space, they have to have a "middleware stack" (as the industry has been calling it). Sun has SunOne/N1, Microsoft has ADS, and of course Novell has NDS/eDirectory which is soon to be a major Linux product. It would have quickly become a big gap in Red Hat's offering.

By acquiring this software, Red Hat immediately improves the value proposition of their platform. By open sourcing it, the software can quickly gain mindshare and installed base. Imagine what would have happened if Novell had done this in, say, 1999. There'd be NDS everywhere, and Active Directory wouldn't have nearly the penetration it does today.

pGina

[lavaface]

You may be interested in pGina; it's a nifty, opensource, project that allows you to bypass Microsoft's authentication schemes and replace it with something like LDAP. Works like a charm! We're still working out the kinks of the roaming profiles with the ftp plugin though. Anyone interested in cross-platform authentication should check it out.

Re:open Virtual machine (for java, C# python perl)

[Alan+Cox]

There are a lot of patent questions around mono, mostly when you go beyond the core language spec. There are lot of patents around java too but at least IBM owns most of them.

For the moment Red Hat has been extensively involved in things like the GNU java compiler. That has an additional advantage over a virtual machine - it can generate native code so you can program in java and get sane memory consumption and performance, while jits generally only achive one of the two (or neither usually)

always preview

[lavaface]

Link

Shot across the bow to Novell/SuSE

[mosel-saar-ruwer]

I didn't even realize there still was a standalone Netscape offerring. We migrated from Netscape to iPlanet to Sun Web to Sun Java One (or something like that). Anybody out there stick with the Netscape product?

This is a direct challenge to Novell/SuSE and Novell Directory Services [or eDirectory, or whatever they're calling it this week].

Red Hat must have realized that they needed a directory offering to compete in the enterprise.

That gives us four major directory vendors:

1) Novell/SuSE/Ximian/Novell Directory Services
2) Microsoft/Active Directory
3) Sun/Sun One [iPlanet] 4) RedHat/Netscape Directory Server

PS: Now that the Netscape browser has devolved into Firefox, and the enterprise stuff has been sold to Red Hat, does Netscape still exist as an independent company [other than some "portal" site on the web]?

PPS: And are there any /. CPAs who'd care to calculate AOL's return on investment from the Netscape purchase?

Re:Shot across the bow to Novell/SuSE

[GarfBond]

PS: Now that the Netscape browser has devolved into Firefox, and the enterprise stuff has been sold to Red Hat, does Netscape still exist as an independent company [other than some "portal" site on the web]?

The answer is no. I wasn't even aware that Netscape still had server products; I thought part of the AOL/Netscape merger was that all of those were sold off to Sun as iPlanet.

July 2003 was when all Netscape browser developers were fired from AOL, and AOL now has no relationship with Mozilla other than history.

Basically the only things left of Netscape now are Netscape.com portal and a brand name.

Finally linux for CertServer and Calendar Server?

[Forget4it]

Netscape and then Sun stopped just when they were getting the plot. The Calendar Server has a backend that does the conflict resolution inc case of double-booking. It is time to integrate that with Mozilla Calender client. The Certificate Management system played nice with LDAP and but had a top-heavy administration server. It was a nice web-based GUI that an CertAuthority might be delegated to use. It will be a big win for OSS if these servers can now supported in linux - Sun were never going to do that properly. my 2 cents

3rd Party Source code to be removed.

[xyleen]

AOL has 21 days to remove all 3rd party source code from the builds of all of the products Redhat is acquiring. One of the key components of Enterprise Mail server is the Mail Transfer Agent (MTA).

The MTA is written by Innosoft International (www.innosoft.com). So the question is will they be leaving out a vital component of the mail server or will they just have to give away the MTA as well.

OpenLDAP vs Netscape's LDAP server

[Sxooter]

About three years ago (admittedly, my knowledge is pretty old now) I tested and compared the two. The Netscape LDAP server used up a huge chunk of memory, even sitting idle, and could handle only a few authentication's / searches per second on our dual P-III 750 machine with 1 gig ram. The memory usage, if I recall correctly, was about 50 megs per process (not shared mem, individual memory usage by the way) with a default of something like 5 of them running.

OpenLDAP used about 20 megs of memory total, ramping up to 50 to 100 megs under heavy load. It could handle about 30 to 40 auths / searches a second.

Worse for the Netscape server was that it would just plain stop working after an hour or so of heavy load testing.

We went with OpenLDAP, and wrote our own edit screens for it since at the time it came with nothing very useful to a user (only ldapadd, etc... command line stuff).

After about a year of only handling the web server it was on we pointed our Peoplesoft implementation at it, which proceeded to increase our load from one auth every couple of seconds to about 10 auths a second. Other than the slightly larger number of openldap processes running, we never really noticed the load.

Hope that helps anyone looking at the two. I certainly would hope the Netscape server has gotten better, but everything I've read about it since then seems to say it hasn't.

Re:OpenLDAP vs Netscape's LDAP server

I can confidently say that you mis-configured the Netscape Server. The Netscape Server has always been a lot faster than OpenLDAP, even while doing more stuff (like multi-master replication - which openLDAP cannot, and doesn't seem to want to do).
The Netscape DS does not require or use multiple processes - it is a multi-threaded server. If configured correctly it will scale into the millions of entries, and 100's operations per second. For most deployments (and the server was pretty much sold into Fortune 500 environments exclusively) this server doesn't even break a sweat. It is also btw coded to scale well up to 4 processors.
Since around the 3.1/4.0 versions it has been the fastest Directory Server of any and all comers, period. It is also one of the most standards compliant and the most stable servers. I recall at a DS meet, Kurt from OpenLDAP had a pretty mean test suite designed to break directory servers which they (obviously) had coded to pass. That test suite broke every vendor in the room (and that means every major DS vendor) to varying degrees except the OpenLDAP and Netscape servers - and this was post iPlanet. Active Directory for example, managed to get through only a few minutes of a test suite that lasted about an hour.
I have always been an admirer of the OpenLDAP product since they produced a good product with comparitively fewer resources. However, it is not (perhaps not yet) in the same league as the Netscape DS when it comes to scaling.

Apache?

[emil]

Will Red Hat dump the Apache webserver over the new noxious licensing?

OpenBSD has done so (by halting with an old release).

Let's Make A Deal!

[piecewise]

AOL buys Netscape for $4.2 billion.

AOL sells Netscape for $30 million.

Hmm.. Carry the 4... the 0's... Yep, that's a crap deal. Congrats to AOL and all parties involved.

And everyone was worried AOL would buy RedHat. Oh the irony!

Re:ldap vs. sql

[prowley]

Yes a Directory Server is a database. However, whereas a SQL server is a general purpose database engine, an LDAP Directory Server is typically optimized for read speed at the expense of write speed. Other highlights include a hiarchical tree structure to store entries and extensive standard schema for many object types.
Essentially, LDAP directories fill niche roles, one of which is as an address book server, another is authentication services. In their niche, DS deployments are unequalled (and no, slapping an LDAP protocol interface on a SQL engine doesn't cut it.) One guiding principal is if you have 70/80% reads to 30/20% writes - a directory server may be a better option for your application. There are other considerations, but that is beyond the scope of this blah blah blah...

Re:I never thought I'd see the day...

[amper]

It should be mentioned that most of Netscape's products started out as free software:

1. Netscape Directory Server was derived from the UMich LDAP implementation.

2. Netscape Messaging Server started life as Cyrus and Post.Office hacked together.

3. Netscape Collabra Server was an enhanced INN.

4. etc. and of course, let's not forget NCSA Mosaic...

Re:ldap vs. sql

[kris]

Yes a Directory Server is a database.

A database that is not even in 1st normal form.

Other highlights include a hiarchical tree structure to store entries and extensive standard schema for many object types.

And primary keys called "dn"s (distinguished names) that reflect the tree structure in a kind of path, so that when you move objects around in the tree, the dn changes. You'll have to change all other attributes that contain this dn as a value in order to keep the tree consistent. There are no mechanisms in LDAP that help you to do this, i.e. there are no constraints.

But that isn't really a problem, because you wouldn't want to use dn valued entries anyway - LDAPs query language has no join operation at all, so in order to resolve a mail alias object containing dn valued entries for the rhs of the mail alias, you'd be forced to program that resolution in a loop by hand on the client side. For each client supporting it.

In order to minimize dn volatility, you end up flattening your tree structure, for example by putting all users into the same level just below "ou=users,dc=example,dc=com". Which has the added benefit of making a lot of queries easier and faster. You know, LDAP has tree structures just like XML does, but the LDAP query language does not have axes the way XPath has. You would not have been able to leverage the tree structure in LDAP queries anyway. There is no way to formulate "find me all machine objects that have person objects at some level above them where the person is at management level" in term of the LDAP query language. It would be trivial in XPath.

And that is just before you start to think about missing bulk replication protocols, language variants of attribute values or the internal structure of Netscape aci attributes.

LDAP is the single worst designed database structure you can come across. It is not "not in normal form", it is the anti-normal, a complete deviation.